PRIVACY NOTICE
Effective Date: 15 September 2024
This Privacy Notice describes how Mercer Talent Enterprise (“MTE”), collect, use, share, retain, transfer and otherwise process information relating to identified or identifiable individuals (Personal Information), and the rights you may have regarding your Personal Information. We believe that it is important for you to understand how we process Personal Information and encourage you to take a moment to familiarize yourself with our privacy practices outlined below.
Please note that MTE is a provider of behavioral science assessment solutions and in some instances, we act on behalf of and under the instructions of clients, financial institutions, merchants, and other partners who act as data controllers, including for processing payment transactions. Please refer to privacy policies of those partners for more information regarding the processing of your Personal Information in these contexts.
WHAT IS OUR RELATIONSHIP TO YOU
You are being asked by a third party to complete an assessment on MTE’s platform. This third party is MTE’s client and may be your employer, potential employer, or another related party. MTE collects and processes your Personal Information on behalf of our clients. We follow instructions provided by our clients regarding what Personal Information to collect and how to process such Personal Information. MTE therefore acts as a Processor for our clients who determine the processing of your Personal Information.
To the extent that you have questions about the processing of your Personal Information, we encourage you to visit the privacy notice of our client.
WHAT PERSONAL INFORMATION DO WE COLLECT
Our client directs us to collect certain information on their behalf. Other than your name and email address, which is required to create an account, MTE does not independently determine what information is collected. Based on the needs and direction of our client, we may collect the following categories of Personal Information where appropriate to fulfil our intended business purposes:
Category | Examples |
Biographical identifiers | Name, date of birth, age, place of birth, gender. |
Contact information | Home address, telephone number, personal email address. |
Identification information | Tax number, social security number or other government issued identification number, driver’s license number, passport information, bank account details, income tax declaration, income tax number. |
Professional or employment-related information | Employer or group, relationship to our company, job title, business contact details, employee ID, employment grade, employee performance, salary and remuneration arrangements and employment history, and/or your relationship to the policyholder, insured, beneficiary or claimant. |
Sensitive demographic attributes | Race, citizenship, physical or mental health or disability, sex (including gender, gender identity, pregnancy or childbirth and related medical conditions), sexual orientation, union membership, veteran, or military status. |
Biometric and physical data | Facial scans and facial monitoring as part of proctoring options. |
Data concerning your physical environment | Video or your specifical localized area taken via video or photo as part of proctoring options. The specific data collected regarding your physical environment will vary based on what is visible to the proctoring cameras. |
Internet or other similar network activity | Browsing and search history, interaction with a website, application, or advertisement, data from cookies or web beacons, login credentials, domain names, and interactions with our emails, including when you read and respond to emails, ISP (Internet Service Provider), browser details, other website activity, online identifiers (including IP address or device ID). |
Any other voluntarily provided information | Information regarding partners and dependents (including minor dependents); emergency contact details, disclosure statements, restrictive covenants, geolocation, marketing and communication preferences, information related to company-sponsored events that you have attended, and your feedback or survey responses where you choose to identify yourself. |
Please note that these are examples. MTE strives to adhere to the concept of data minimization and seeks to collect only the Personal Information that is strictly necessary for the provision of services to you. However, we are unable to control the information requested by our clients or the information that you voluntarily provide.
HOW WE COLLECT PERSONAL INFORMATION
Information Provided by You, Your Representatives or Third Parties
We may collect Personal Information from the following sources:
- Directly from you, for example when you visit a website, create an account, complete a survey, or otherwise give us information.
- Your representatives, including your employer, association, or group or benefit program/plan sponsor.
During the assessment, personal information may be collected via your webcam, microphone, or other hardware elements from your system. Your system and the MTE program will ask for your consent prior to collecting personal information from your hardware.
If you supply us with Personal Information about other people (e.g., family members, beneficiaries, or dependents), you represent that you have the authority to provide this information and that you have shared this Privacy Notice where appropriate. We do not knowingly collect Personal Information directly from minors.
Collection by Automated Means
We use cookies and related tracking technologies (“Cookies”) on our company-owned websites. If available based on your jurisdiction, website users can opt-out of our use of certain Cookies using the Manage Cookies link at the bottom of the website. To find out more about how we use Cookies, please see our Cookie Notice.
Collection by Third Parties
If you conduct a transaction through us, a third party (e.g., a service provider or insurer) may collect and process credit card or other Personal Information about you, including through Cookies, in connection with such a transaction. In those instances, and for any other arrangement where we receive information from your employer, association or other third party, we encourage you to read the third party’s privacy policy to learn more about how your information will be used and disclosed by them.
HOW WE USE THE PERSONAL INFORMATION WE COLLECT
We may use Personal Information we collect:
Category | Use | Legal Basis |
To conduct our business | We use Personal Information as necessary to conduct our business, including to verify your identity, respond to your queries, communicate with you, process transactions, establish an online account, or carry out our contractual obligations. | Contract performance and, where applicable, legitimate interests (to enable us to perform our obligations and provide our services. |
To provide you with marketing material where permissible under applicable law | We may use your contact details to send you information about products, services, and insights we think might be of interest to you. These communications may be sent by email, text, post, or phone in accordance with your marketing preferences and applicable global laws, including those relating to data protection and electronic communication. As a result, the basis on which we contact you will vary depending on who you are, our relationship with you, and where you are located. Regardless of the basis on which we share our marketing communications with you, we will comply with local law and provide an option for you to unsubscribe at any time in which case we will stop sending you our marketing communications. You can also change your marketing preferences by contacting us at privacy@mmc.com. Please note that, even if you opt-out of receiving marketing communications, we may still send you communications in connection with the services we provide to you. | Legal obligation, consent (which you can refuse or withdraw) and, where applicable, legitimate interest (to keep you updated with news in relation to our products and services). |
For research, data analytics and development purposes | We may analyse Personal Information together with information from other clients to create insights, reports, and other analytics to better understand and improve the quality of our offering; market our advice, products, and services; and evaluate the effectiveness of our marketing activities, websites, and overall service. Please note that we may de-identify Personal Information such that it is not associated with any particular client or individual. | Where applicable, legitimate interests (to allow us to improve our services). |
To monitor certain activities and maintain network security and performance, and protect against cyber attacks | We monitor queries and transactions to ensure service quality, compliance with procedures and to combat fraud. We also use Personal Information as necessary to maintain network security, monitor website performance, and protect our systems against cyber attacks. | Legal obligation, and, where applicable, legitimate interests (to ensure the quality and legality of our services). |
To maintain our websites and ensure website content is relevant | We use Personal Information as necessary to maintain our websites and ensure that content from our websites is presented in the most effective manner for you and for your device. | Contract performance and, where applicable, legitimate interests (to allow us to provide you with content and services on the websites). |
To reorganize or make changes to our business | As necessary if we: (i) are subject to negotiations for the sale of our business or part thereof to a third party; (ii) are sold to a third party; or (iii) undergo a re-organisation. | Legal obligation or legitimate interests (to allow us to change our business). |
In connection with legal or regulatory obligations | We use Personal Information to comply with our regulatory disclosure requirements or as part of dialogue with our regulators as applicable. | Legal obligation, and where appropriate, legitimate interests (to cooperate with law enforcement and regulatory authorities). |
For Fraud, Anti-Money Laundering and Sanctions Screenings | When establishing or maintaining client relationships for the provision of certain services we use Personal Information for the purposes of carrying out fraud, anti-money laundering or sanctions checks. | Legal obligations and, where appropriate, legitimate interests (to cooperate with law enforcement and regulatory authorities). |
We may also use the Personal Information we collect and receive as otherwise described to you at the point of collection.
External Links
Our websites may include links to websites that are operated by organizations other than MTE. If you access another organization’s website using a hyperlink on our website, the other organization may collect information from you. MTE is not responsible for the content or privacy practices of linked websites or their use of your Personal Information. If you leave a MTE website via such a link (you can tell where you are by checking the URL in the location bar on your browser), you should refer to that website’s privacy policies, terms of use, and other notices to determine how the other organization will handle any Personal Information they collect from you.
WHO WE DISCLOSE PERSONAL INFORMATION TO
We may disclose Personal Information to the following categories of third parties:
Categories of third parties | Purpose for Disclosure |
Your employer, association, group, or benefit program sponsor, when applicable (i.e., MTE’s Client) | To provide services to our client |
MTE affiliates or other entities within the Marsh McLennan group of companies (MMC) | Enable them to provide services to you or contact you regarding additional products and services. |
Agents or third-party service providers | Perform functions or services for us or on our behalf. Such third parties are contractually restricted from using Personal Information for purposes other than providing services for or on behalf of MTE. |
Marketing partners, including our affiliates and third parties engaged by us or our clients in connection with the services. | As permitted by law to provide you with information about our products, services or insights. |
Potential partners or successor entities | In the context of mergers, acquisitions, bankruptcies, asset sales or other transactions where a third party assumes control of all or part of our assets. |
Website analytics and advertising companies | Help us to personalize ads and content based on your interests, measure the performance of our ads and content, and derive insights about the audiences who see our ads and content. |
Anti-fraud databases, supervisory or regulatory authorities, law enforcement and other third parties | As necessary to prevent fraud, communicate with supervisory or regulatory authorities, protect and defend the legal rights, safety, and security of MTE, our affiliates and business partners, and users of any website, enforce the Terms of Use of a website; respond to claims of suspected or actual illegal activity; respond to an audit or investigate a complaint or security threat; or comply with applicable law, regulation, legal process, or governmental request. |
We may also disclose de-identified information that is not reasonably likely to identify you for commercially legitimate and lawful business purposes. Where we have de-identified information, we will maintain and use it without attempting to re-identify the data other than as permitted under law.
STEPS WE TAKE TO PROTECT PERSONAL INFORMATION
Our company strives to comply with all applicable cybersecurity and data protection laws. With these goals in mind, MMC has a dedicated Chief Information Security Officer (CISO) and a Global Chief Privacy Officer (GCPO). The CISO is responsible for managing a Global Information Security team and a comprehensive cybersecurity program. As part of our cybersecurity program, we have implemented commercially reasonable physical, administrative, and technical safeguards to protect Personal Information from unauthorized access, use, alteration, and deletion.
The GCPO leads and oversees a Privacy Center of Excellence and a Data Protection Officer Network responsible for implementing our comprehensive global privacy program. The Data Protection Officer Network connects our Data Protection Officers across the world and seeks to implement our privacy program consistently and thoroughly wherever we process data. You can obtain the name and contact information for the Data Protection Officer in your jurisdiction by contacting us at privacy@mmc.com.
YOUR DATA PROTECTION RIGHTS
In many cases, we handle Personal Information to provide our services to corporate clients, and you should contact them to exercise any rights you may have under applicable privacy laws. However, where we act as the controller or business that is primarily responsible for deciding how your information is processed, you may have some or all the rights listed below, depending on the jurisdiction and our reason for processing your information. Please note that we may need to use your Personal Information to verify your identity prior to responding to any of the below rights.
- Right of access (Right to know)
You may ask us to provide you with further details on how we make use of your Personal Information, the sources, the categories or specific pieces of Personal Information we have collected, the categories of third parties to whom we have disclosed the information, and to request a copy of the Personal Information that we hold about you.
- Right to correct
You may ask us to update any inaccuracies in the Personal Information we hold. If we disclose your Personal Information to others, we will tell them about the correction where possible.
- Right to delete
You may ask us to erase your Personal Information where we no longer have lawful grounds to process it.
- Right to object to or restrict processing
You may have a right to restrict the processing of your Personal Information in certain circumstances, such as where you contest its accuracy.
- Right to data portability
You may have the right, where it is technically feasible, to ask that we transfer to a third party of your choice a copy of Personal Information we have obtained from you, in a structured, commonly used, and machine-readable format.
- Right to withdraw consent
If we rely on your consent as our legal basis for processing your Personal Information, you have the right to withdraw that consent.
- Right to lodge a complaint
You may have the right to lodge a complaint with the relevant supervisory or regulatory authority in your jurisdiction if you have a concern about any aspect of our privacy practices.
If you wish to exercise any of the above rights or request review of a decision or denial, please contact us using the applicable contact information:
- United States and Canada
- MTE USA: Complete this Form or call 855-275-5436
- MTE US – Other (Affinity, ICAT, Torrent, Captive Solutions, Advisory): Complete this Form or call 855-275-5436
- MTE and MMC Agency: Complete this Form or call 800-960-0416
- Canada: Complete this Form
- For India, Indonesia, Saudi Arabia, Thailand, and Vietnam
- For all other jurisdictions
- Please email privacy@mmc.com
Depending on your country, you may also have some or all the following rights:
- Right to Opt in or out of Sale or Sharing for Cross-Context Advertising
If you visit one of our websites, we may disclose your internet or other electronic network activity information, biographical identifiers, geolocation data, and professional information (to the extent it can be derived from your activity on our website) to website analytic and advertising providers for cross-context behavioral or targeted advertising purposes utilizing advertising cookies. Under some laws, you may have the right to opt in or out of these types of disclosures. To make your selection(s) or to view the names of specific third parties with whom we have sold or shared your information, please click on the “Manage Cookies” link at the bottom of our webpage. If you would like to opt out of the sale or sharing of your information, ensure the toggles for “Advertising” and “Analytics” trackers are set to “No” or, where available, enable the Do Not Sell or Share My Personal Information toggle.You may also implement a browser setting or extension to communicate your selling and sharing preferences automatically to the websites you visit. Our websites process such “opt-out preference signals” in a frictionless manner by recognizing the Global Privacy Control (GPC). If you want to use GPC, you can download and enable it via a participating browser or browser extension. More information about downloading GPC is available here.
- Rights in relation to automated decision making and profiling
To the extent we engage in the automated processing of your Personal Information, we will provide you in advance with any notices, including regarding your rights, that are required under law.
- Direct Marketing and Do Not Track Signals
You may have a right to request and obtain a notice once a year about the Personal Information we disclosed to other businesses for their own direct marketing purposes, where permitted by law. If applicable, such a notice will include a list of the categories of Personal Information that were disclosed (if any) and the names and addresses of all third parties to whom the Personal Information was disclosed (if any). The notice will cover the preceding calendar year. You may contact us as provided below if you would like to learn if this right applies to you and, if so, exercise that right.
Please note that some of these rights may be limited where we have an overriding legitimate interest or legal, regulatory, or contractual obligation to continue to process the Personal Information, or where the Personal Information may be exempt from disclosure or erasure under applicable law. Some of these rights can be exercised only in certain circumstances or may otherwise be limited by data protection legislation in your jurisdiction.
CROSS-BORDER TRANSFERS
As a global company operating across more than 80 countries, there are circumstances in which we will have to transfer Personal Information out of the country, province, or territory in which it was collected for the purposes outlined in this Privacy Notice. Specifically, we may transfer data to offer, administer, and manage the Services provided to you, and to enhance the efficiency of our business operations. We will make every effort to ensure that these transfers adhere to all relevant data protection legislation, and that the rights and freedoms of individuals under such laws are appropriately safeguarded.
Where the need for such a transfer arises, we will take steps to ensure that there are appropriate safeguards in place to protect Personal Information such as an impact assessment, adequacy decision by the appropriate supervisory authority, the use of approved binding corporate rules or standard contractual clauses, or your consent.
For information regarding how MMC’s EU (European Union) Binding Corporate Rules (EU BCRs) operate, click here. For a list of entities that have agreed to be bound by the EU BCRs, click here.
For information regarding how MMC’s UK Binding Corporate Rules (UK BCRs) operate, click here. For a list of entities that have agreed to be bound by the UK BCRs, click here.
RETENTION OF YOUR INFORMATION
Our products, services, and regulatory obligations are complex, and thus our retention periods for Personal Information vary. We consider the following obligations when setting retention periods for Personal Information and the records we maintain:
- the need to retain information to accomplish the business purposes or contractual obligations for which it was collected;
- our duties to effectuate our clients’ instructions with respect to Personal Information we process on their behalf;
- our duties to comply with mandatory legal and regulatory record-keeping requirements;
- our backup and disaster recovery procedures; and
- other legal impacts such as the applicable statute of limitations periods.
Based on the factors above, we may retain Personal Information beyond the period for which we provide services to you. When we no longer need to retain Personal Information, our company policies require that we either de-identify or aggregate the information (in which case we may further retain and use the de-identified or aggregated information for analytics purposes) or securely destroy it.
QUESTIONS OR CONCERNS
To submit questions or requests regarding this Privacy Notice or MTE’s privacy practices, please email us at privacy@mmc.com. If you would prefer to contact us by post or by phone, please contact your local Data Protection Officer. You can obtain the contact information for your local Data Protection Officer by contacting us at privacy@mmc.com.
Mercer Privacy Notice
Privacy Statement
Mercer LLC and its affiliates (the “Company”) believe strongly in protecting the privacy of Internet users who visit our website, located at www.mercer.com (the “Site”). This Privacy Statement is intended to inform you of the ways in which this Site collects personal information, the uses to which that information will be put, and the ways in which we will protect any personal information you choose to provide us. Generally, personal information is information that can be used to identify you or your activities on the Site or information about you which you provide to us through services offered on the Site.
This Privacy Statement applies solely to data collected via the Site. There may be additional personal (and other) information that we have or collect about you or your company pursuant to other relationships which is subject to other agreements and rules.
What Data Do We Collect?
The information collected by the Company through the Site falls into two categories: (1) information voluntarily supplied by visitors to our Site and (2) information gathered via automated means as visitors navigate through our Site.
Information Voluntarily Provided by You:
In the course of using this Site, you may choose to provide us with information to help us serve your needs. For example, you may provide us your e-mail address to request information, or you may send us your mailing address so we may send you the material you have requested. You may also choose to apply for a job at the Company and submit a job application via our career site https://careers.marshmclennan.com/. Any personal information you send us will be used only for the purpose indicated on the careers site or in this Statement.
Information Collected by Automated Means:
To understand how we may use cookies on our Site, please see our Cookie Notice.
In addition, in the course of ensuring network security and consistent service for all users, the Company employs software programs to do such things as monitor network traffic, identify unauthorized access or access to nonpublic information, detect computer viruses and other software that might damage the Company’s computers or the network, and monitor and fine-tune the performance of the Company network and this Site. In the course of such monitoring, these programs may detect additional information from your computer such as your IP address, addresses from network packets, and other technical information. Any such information is used only for the purpose of maintaining the security and performance of the Company’s networks and computer systems.
How Do We Use the Data We Collect?
We will use the information provided by you in order to serve your needs. This may include things such as sending you electronic or written materials or, for example, if you supply us with your telephone number, you may receive telephone contact from us in response to your request. We work with our business partners to collect information about the use of the site. Our business partners collect information such as how often users visit the site and what pages users visited prior to visiting the site. We use this information to maintain and improve the site.
We may also use the information we collect and receive as otherwise described to you at the point of collection or pursuant to your consent.
Who Do We Share Your Data With?
We will not disclose, share, sell, or otherwise use your personal information without your consent, except to the extent required by law, in accordance with your instructions, or as identified in this Privacy Statement:
- Affiliates: To enable them to provide services to you and to enable them to contact you regarding additional products and services that you have expressed an interest in.
- Agents and Service Providers: We sometimes contract with other companies and individuals to perform functions or services for us or on our behalf, such as hosting this Site, sending e-mail messages, and making phone calls. They may have access to personal information, such as addresses, needed to perform their functions, but are contractually restricted from using it for purposes other than providing services for the Company or on our behalf.
- Business Transfers: As we continue to develop our business, we might sell or buy assets. In such transactions, user information generally is one of the transferred business assets. Also, if either the Company itself or any of the Company’s assets were acquired (including through bankruptcy proceedings), your personal information may be one of the transferred assets.
- Legal Matters: The Company may preserve, and has the right to disclose any information about you or your use of this Site without your prior permission if the Company has a good faith belief that such action is necessary to: (a) protect and defend the rights, property, or safety of the Company or its affiliates, other users of this Site, or the public; (b) enforce the terms and conditions that apply to use of this Site; (c) respond to claims that any content violates the rights of third parties; (d) respond to claims of suspected or actual illegal activity; (e) respond to an audit or investigate a complaint or security threat; or (f) comply with applicable law, regulation, legal process, or governmental requests.
What Steps Do We Take to Protect Your Information?
This Site and all information that you submit through this Site is collected, stored, and processed in the United States within Company-controlled databases. We restrict access to your personal information to those employees of ours, and our affiliates, and to those service providers who need to use it to provide this Site and our products or services. We have implemented physical, administrative, and technical safeguards to protect your personal information from unauthorized access. However, as effective as our security measures are, no security system is impenetrable. We cannot guarantee the security of our systems, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the Internet.
Some Other Matters
Accessing and Correcting Your Information
Keeping your information accurate and up-to-date is very important. Inaccurate or incomplete information could impact our ability to deliver relevant services to you. Please let us know about any changes that may be required to your personal information using the “contact us” feature of this website.
External Links:
This Site includes links to other sites that are operated by organizations other than the Company. If you access another organization’s website using a link provided, the other organization may collect information from you. The Company is not responsible for the content or privacy practices of linked websites or their use. Once you have left this Site via such a link (you can tell where you are by checking the URL in the location bar on your browser), you should refer to those websites’ privacy policies, terms of use, and practices to determine how they will handle any information they collect from you.
Applicability of This Privacy Statement to International Users:
This Privacy Statement is provided in accordance with and subject to U.S. law. If you access this Site from a location outside of the United States, you agree that you use of this Site is subject to the terms of this Privacy Statement and the Terms of Use and you recognize and accept that your personal information may be transferred to and processed in the U.S. and other countries that may not be deemed to provide the same level of data protection as your home country and that may have been deemed to have inadequate data privacy laws under the laws of your jurisdiction. See also the Privacy Statement or Policy available on other Mercer sites, such as country specific sites like mercer.xx or special purposes sites such as imercer.com, for information about privacy treatments for users of these sites.
Children:
This Site is not intended for children, and we do not knowingly collect, use or disclose information of children under the age of thirteen (13) without the consent of their parents or legal guardians. In an instance where such information was collected, it would be purely accidental and unintentional.
Rights of Individuals in Certain US States:
Click here for our privacy notice regarding additional rights you may have in certain US states.
For Company Career Candidates
Please read our Candidate Privacy Statement posted on our careers websites, available at https://careers.marshmclennan.com/
Changes to Privacy Statement
The Privacy Statement is subject to change at any time. It was last changed on December 7, 2022. If we make changes to this Privacy Statement, we will updated the date it was last changed. Any changes we make to this Privacy Statement become effective immediately when we post the revised Privacy Statement on this Site. We recommend that you review this Privacy Statement regularly for changes.
Questions or Concerns?
If you have any questions, concerns, or complaints about this Privacy Statement, or our privacy practices in general, they should be directed to the Company at privacycoordinator@mercer.com or by contacting the Company at:
Mercer LLC
1166 Avenue of Americas
New York, New York 10036
USA
The websites and webpages under www.thetalententerprise.com and our assessment and survey platform know as Lighthouse
under www.tte-lighthouse.com , www.tte-lighthouse.ae and www.tte-lighthouse-sa.com and the services provided on these pages are being offered to you by:
Company Name: Mercer Talent Enterprise Holding Limited and Its Subsidiaries (jointly known as Mercer Talent Enterprise)
Board of Directors: David Jones, Radhika Punshi and Gauri Gupta
Registration Details: Abu Dhabi, UAE
Purpose
Mercer Talent Enterprise and its subsidiaries respects your rights to privacy. We are committed to protecting your rights and to providing transparency in respect to our data management and security policies and procedures. This document sets forth how we will use your data and personal information provided to us directly by you, by your current employer, past employer, potential employer, educational institution, a governmental authority our strategic partners or any other organisation as part of our commitment to protecting and respecting your personal information.
We recommend that you read this Privacy Policy in full to ensure you are fully informed of your data privacy rights. If you have any questions or concerns about our use of your personal information, then please contact us using the contact details provided at the bottom of this Privacy Policy.
Data Collection
The data that we collect from you or receive about you may include personal information provided:
- On our website, www.thetalententerprise.com, our company social media pages as well as any related portals or platforms controlled or managed by Mercer Talent Enterprise.
- On our assessment and survey platform, Lighthouse as well as any related portals or platforms controlled or managed by Mercer Talent Enterprise.
- On third party platforms as well as any related or affiliate portals that we may use on behalf of Mercer Talent Enterprise from time to time.
- On emails, on the phone as well official and personal correspondence at events, conferences, marketing promotion campaigns, research projects etc. by employees of Mercer Talent Enterprise, or affiliates, partners and representatives of Mercer Talent Enterprise
The data and personal information received by Mercer Talent Enterprise may be shared directly by you (known as “Participant” or Participants), your current employer, your past employer, your potential employer, your educational institution, a governmental authority (all collectively known as “Client” or “Clients”), our strategic partners (known as “Partner” or “Partners”) or any other organisation (known as “Third Party” or “Third Parties”). In some cases, we may also receive payment data such as financial or credit card information if you buy our goods and services directly through our website or related platforms.
Your “data” and “personal information” includes other similar terms under applicable privacy laws such as “personal data” and “personally identifiable information”. In general, “data” refers to your responses to the questionnaires, surveys and assessments that you respond to on the Lighthouse platform. Your “personal information” includes any information that identifies, relates to, describes, or is reasonably capable of being associated, linked or linkable with a particular individual, i.e. a Participant or Participants.
It is assumed that in the case that your data is shared with us by our Clients, Partners or Third Parties, they have gained the necessary consent or are otherwise legally permitted or required to disclose your personal information to Mercer Talent Enterprise. Mercer Talent Enterprise is not liable for any personal Participant data shared with us that has not been directly collected by us on our website, on the Lighthouse platform or related portals.
Mercer Talent Enterprise acts as Data Controllers with respect to personal information about you that we receive from you and / or from our Clients, Partners or Third Parties. We may also act as a Data Processor of your personal information in specific situations, in which case we will process personal information only under the instructions of our clients. In some cases, your current employer, your past employer, your potential employer, your educational institution, a governmental authority or a Partner or Third Party may also be Data Controller in which case you should contact them directly if you want to exercise a right over data for which they are Data Controller.
Further Details on Data Collection Through our Website
Mercer Talent Enterprise website (www.thetalententerprise.com) may automatically collect the following information through the use of cookies and related tools and technologies.
- General information including traffic on website, location information, Participant and efficiency metrics such as time spent on page, number of click throughs, number of repeat visits, number of downloads etc.
- In some cases, specific information including your browser type and version, time-zones, your Internet protocol address (IP address), referring website information (if any) and other related parameters.
- Information shared by you on our website such as your contact details, requirements.
Further Details on Data Collection Through Lighthouse
The survey and assessment data collected on Lighthouse may be in various forms, including personal information such as your name, your email id, your photograph, your career background information, your experience and qualifications etc. as determined jointly by Mercer Talent Enterprise as well as our Clients or Partners. At times, you may need to share personal data which may be considered as sensitive. As an example, you may inform us about a health issue, special need or reasonable adjustments which may need to be made in order for you to complete the assessment.
Assessment Data
The assessment data collected on the Lighthouse platform includes your responses to various psychometric tests and other questionnaires, such as personality and strengths assessments, career assessments, cognitive ability tests, motives and values assessments, well-being surveys as well as observable competency data such as your responses to our assessment activities, such as case studies, role plays, situational judgement tests, video interviews etc. through our proprietary Talent Discovery Centers® (also known as assessment centres) or Talent Learning Centers® (also known as development centres). All of the assessment data collected on Lighthouse is ‘self-report’, i.e. based on your own responses to our questionnaires, tests and assessments.
For our well-being projects, we may collect additional well-being data such as your sleep patterns, your levels of physical activity, your nutrition and other personal and / or sensitive data around your physical and mental health from yourselves or from our Clients, Partners and / or Third Parties, on behalf of our Clients or Partners. This data may be shared with our Clients, Partners or Third Parties as per stringent confidentiality guidelines, as per the agreed project requirements and as communicated to you prior to the start of the specific project.
In some cases, we may ask you to enable your camera to capture images or videos of you for identification purposes for some of our assessments or when we conduct assessments for some clients such as video interviewing. These images or videos may be provided to clients requesting that you complete the assessment. In the event we request that you enable your camera during your participation in an assessment, this will be required for you to proceed.
360 and Multi-Rater Feedback Data
The 360 and multi-rater feedback data shared on the Lighthouse platform typically includes your responses to competency-based feedback, as well as responses from other raters or evaluators, such as peers, direct reports, line managers and other stakeholders.
Organisational Survey Data
This data includes your responses to organizational questionnaires and surveys such as employee engagement surveys, culture surveys, digital readiness surveys etc. These surveys are typically completed by you as well as by your colleagues and other employees and stakeholders within the organisation.
Use of Data
Website Data
Information received by Mercer Talent Enterprise on our website, our company social media pages as well as any related portals or platforms controlled or managed by Mercer Talent Enterprise may be used to:
- Contact you to understand your interest or requirements from Mercer Talent Enterprise.
- Contact you regarding any updates or changes about our service.
- To fulfil any performance and / or contractual obligations to our Clients, Partners or Third Parties.
- Your personal information may be added to our marketing database(s), from which you can choose to opt out anytime.
- We warrant that we will never rent or sell your personal data to any organisation, affiliates or third parties.
Information received by Mercer Talent Enterprise on our assessment and survey platform, Lighthouse as well as any related portals or platforms controlled or managed by Mercer Talent Enterprise may be used as below.
Assessment Data
We will use your personal information, your assessment and results data, such as your personality test scores, your ability test scores, your Talent Discovery Centers® or your Talent Learning Center® feedback etc. as well as data provided by our Clients, Partners or Third Parties on their behalf.
Please note that the assessment and results data shared would typically not include your ‘raw’ data or ‘actual’ responses, but your ‘normed’ or ‘interpretative’ data which has been analysed, scored or interpreted by Mercer Talent Enterprise on the Lighthouse platform, any related portals or platforms controlled or managed by us, by third party test publishers, as well as by Mercer Talent Enterprise employees, affiliates and / or experts.
This is in order for your data to be represented and interpreted most accurately and objectively as per the Code of Good Practice for Psychological Testing of the British Psychological Society (BPS) as well as with Mercer Talent Enterprise’s Guidelines for the Ethical Use of Assessments.
Below are the ways in which your data may be used:
- To use your assessment and results data to create summary and in-depth insights and reports to authorised representatives of our Clients, including Partners or Third Parties (known as “Individual Assessment Reports”).
- With prior approval from our Clients, Partners or Third Parties, provide you with some or all of your Individual Assessment Reports and feedback. Please note that the dissemination of your assessment reports, results and feedback is the sole responsibility of our Clients or Partners. Mercer Talent Enterprise will only provide your results based on the specific direction and requirements from our Clients or Partners. Participants taking the assessments are not guaranteed access to their individual results unless our Clients or Partners wish us to do so.
- In most cases, especially in the case of psychometric assessments such as personality tests, ability tests etc. we would compare your assessment and results data as well as data provided by our Clients, Partners or Third Parties with anonymised benchmark data to help understand how your data may compare to similar demographic or representative groups for the purposes of career fit, hiring and selection, talent identification, talent development, succession planning, talent transformation etc.
- We may also provide the authorised representatives of our Clients, including Partners or Third Parties with in-depth analysis and insights at a team, group, departmental or organizational level (known as “Organisational Strategic Insight Reports”).
- In order to meet our performance and / or contractual obligations, and to manage and administer our services, we may also provide a copy of the assessment and results data to our Clients, Partners or Third Parties for use by them for their own records or for internal human resource management purposes. This may include a technology integration with an ATS, ERP, LMS, LXP or related portal or platform or be shared manually in a safe, password protected or encrypted format.
- Your data will only be shared with authorised personnel representing our Clients, Partners of Third Parties who may be your current employer, your past employer, your potential employer, an educational institution or a governmental organisation.
- It would be the responsibility of our Clients, Partners or Third Parties to ensure that all authorised personnel involved in the access, analysis or interpretation of your assessment data, results and reports has been suitably trained and accredited at the appropriate level to do so.
- It is the responsibility of the authorised personnel representing our Clients, Partners or Third Parties to not share your data who has not been explicitly authorised without prior written approval of Mercer Talent Enterprise.
- It would be the responsibility of our Clients, Partners or Third Parties to ensure that they use the assessment and results data to make objective and fair decisions for purposes such as career fitment, hiring and selection, talent identification, talent development, succession planning, talent transformation etc., including ensuring compliance with company policies and applicable laws and regulations.
- We warrant that we will never rent or sell your personal data to any organisation, affiliates or third parties.
360 and Multi-Rater Feedback Data
- In the case of 360 and multi-rater surveys, we are committed to protecting the privacy and anonymity of reviewers or evaluators.
- We would only share collective or group feedback for categories of reviewers such as ‘peers’, ‘direct reports’, ‘indirect reports’ etc. for 3 reviewers or more. Any data less than this is clubbed under the category of ‘other.
- This is not the case for the categories of ‘self’ and ‘line manager’ where there is only one respondent and the scores may be shared.
- In terms of individual and organizational report sharing, the same guidelines as above under the Assessment Data category would apply.
Organisational Survey Data
- In the case of organizational surveys, such as employee engagement, employee culture, digital transformation surveys, custom employer surveys etc. we are committed to protecting the privacy and anonymity of employees or survey respondents.
- In the case of organizational surveys, we would only share collective or group feedback where we have data from 5 or more employees or survey respondents. Any data less than this will be clubbed into another larger category.
- In terms of organizational report sharing, the same guidelines as above under the Assessment Data category would apply.
Other Purposes for Use of Data
- We may use your personal information, assessment and results data for research and development (R&D) purposes. Data from our assessments, surveys and diagnostic tools may be used to create norm groups, benchmarks and overall trends and insights, including analysing aspects such as gender, age and cultural background data to ensure fairness, accuracy and objectivity of results.
Data Anonymity
We commit to retaining personal information, including assessment and results data, individual and organizational reports for 18 months, after which we remove all personal information from our database, unless different terms have been agreed with our Clients or Partners.
Any research data retained thereafter (in order to produce statistics of the type described in our technical product manuals, e.g. psychometric norms and validity data no longer constitutes personal data as it is anonymised and aggregated on our systems prior to research use, at which point no individual is identified or identifiable from such data. We may also retain your personal information longer where necessary to commence or defend legal claims, and to comply with our regulatory obligations (including record retention obligations).
This also means, that we will not be able to provide any additional information about any of our Participants, whether as employees, potential employees, students or beneficiaries after 18 months. Any additional information, assessment and results data and reports requested about a Participant after 18 months will require the Participant to re-take the assessments.
Legal Basis for Processing Personal Information (EEA users only)
If you are accessing our website, Lighthouse or any related platforms or portals from the EEA, our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.
However, we will normally collect personal information from you only where we have your consent to do so, or where we need the personal and / or sensitive information in order to meet our performance and / or contractual obligations to you, or from our Clients, Partners or Third Parties who ask us to process your personal data on their behalf because you are their employee, potential employee, student or a related beneficiary.
Under EEA, UK and similar data protection laws, Mercer Talent Enterprise must have a legal basis to process your personal information. In most cases, the legal basis will be one of the following:
- To comply with our legal obligations.
- With your consent. You have the right to withdraw your consent at any time by contacting us using the contact details below.
- In order to meet our legitimate interests and to fulfil our performance and / or contractual obligations to our Clients, Partners or Third Parties.
Mercer Talent Enterprise has achieved and adheres to the data protection quality standards as specified in the international standard ISO: ISO:27001 and complies with relevant best practice outlined in the General Data Protection Regulations (GDPR) of the European Union, amongst others. Please refer to this Privacy Policy, along with the policies and guidelines of your current employer, your past employer, your potential employer, your educational institution, governmental organisation or relevant country of residence standards for further information of your data rights and obligations and how to exercise them.
Mercer Talent Enterprise also complies with the Code of Good Practice for Psychological Testing of the British Psychological Society (BPS) as well as with our Guidelines for the Ethical Use of Assessments. This means that anyone at Mercer Talent Enterprise or acting on behalf of Mercer Talent Enterprise who analyses, interprets or makes decisions based on your assessment data is suitably trained to do so and has signed the relevant data protection clauses in their contract, consistent with this privacy policy.
All our Clients, who may be your current employer, your past employer, your potential employer, your educational institution or governmental organisation, as well as our Partners and related affiliates must ensure all of their team members involved in the access, analysis, or interpretation of your assessment data, results and reports has been suitably trained and accredited at the appropriate level to do so.
Disclosure of Your Personal Information, Assessment and Results Data
In addition to disclosing your personal information, your assessment and results data in order to meet our performance and / or contractual obligations to our Clients, Partners or Third Parties, we may disclose your data for the below purposes on an exceptional basis.
- To comply with any legal obligation, or in order to enforce any statutory requirements, or to protect our rights, property, or safety or those of our customers, or others. This includes exchanging information with other companies and organizations for the purposes of data security and fraud protection. This may include laws outside your country of residence.
- Incase Mercer Talent Enterprise sells our business or assets of our business in part or in full, we may disclose your personal data to the prospective buyer of the business or assets. We may also disclose your personal data to a vendor of another business or assets that Mercer Talent Enterprise may be acquiring or to fulfil a joint venture or merger obligation. If our business or assets are acquired by a third party, any personal information, assessment data and all other information about you, and held about our Clients, Partners, Third Parties will be transferred accordingly.
- In order to facilitate the assessment process and to meet our performance obligations, information about you may also be passed to our Partners, related Third Parties including external suppliers from time to time and their respective suppliers. This may include (but not limited to) cloud hosting providers, database portals, email marketing and communication services and portals etc. as well as ATS, ERP, LMS, LXP or related portals or platforms our Clients and Partners may already be using.
International Data Transfers
Due to the global nature of our business, we may need to appoint external parties to process data containing information about you on our behalf as a Data Processor, or store such information in, or transfer it to persons located in, countries outside of the European Economic Area (“EEA”). These countries may not have data protection laws equivalent to those which are in force in the EEA to protect your information. Where we transfer your information to such external data processors and/or third parties outside of the EEA and/or process your information outside the EEA, we shall try to ensure that they provide sufficient guarantees in respect of the technical and organizational security measures and take reasonable steps to ensure their compliance with those measures in order to ensure your information is adequately protected in accordance with applicable data protection laws. However, privacy laws in these countries may not provide protections equivalent to those of your country of residence. Your data may also be processed by employees, staff, partners or third parties operating outside EEA who may work for us, our partners or other affiliates. Mercer Talent Enterprise is not liable for any significant or serious breaches or violations directly or indirectly caused by external or third parties, which are outside the control of Mercer Talent Enterprise.
Your Rights
We have listed the rights you have over your personal information and how you can use them below. Please note that your consent is given voluntarily by you and you may amend, change or withdraw such consent at any time.
Your rights are subject to exemptions in applicable law and will only apply to certain types of information or processing. Mercer Talent Enterprise shall not be responsible for or subject to any liability resulting from any change to your potential or continued employment status that may result from either your taking of the assessment(s) or your decision to withdraw your consent to the processing of the data you provide.
Your current employer, past employer, potential employer, your educational institution, a governmental authority may also be Data Controller in some cases, so you should contact them directly if you want to exercise a right over data for which they are Data Controller.
When Mercer Talent Enterprise is the Data Controller, your rights are as below:
- You may ask us to review, make amendments or withdraw your personal information.
- You can ask us to confirm if we are processing your personal information and, if we are, you can ask for access to that personal information as well as further details including why your data is being used and for what purposes.
- You can ask to correct your personal information held by us if you believe it is erroneous or contains omissions.
- You can ask to restrict how your personal information is used.
- You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the ‘unsubscribe’ or ‘opt-out’ link in the marketing emails we send you.
- Incase of any requests, you would need to clarify what personal information you would like to have changed or removed, whether you would like to have your personal information suppressed from our database or otherwise let us know what limitations you would like to put on our use of your personal information. We may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable.
Please note that we may need to retain certain information for recordkeeping purposes and / or to complete any transactions that you began prior to requesting a change or deletion. There may also be residual information that will remain within our databases and other records, which will not be removed.
To exercise your rights, please contact us using the contact information below. Please note that we may not always be able to fully address your request. As an example, if it impacts our legal, contractual or performance obligations, if it impacts the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.
You also have a right to make a complaint to a Supervisory Authority in your local country or jurisdiction.
Where your current employer, past employer, potential employer, your educational institution, a governmental authority or a Partner or Third Party is the Data Controller, you can contact the regulator in the location where they are based.
Payment Records
All credit/debit card details and personally identifiable financial information will not be stored, sold, shared, rented or leased to any Third Parties. Mercer Talent Enterprise will never pass your financial details to any third parties. Mercer Talent Enterprise takes appropriate steps to ensure data privacy and security including through the operation of a variety of hardware and software methodologies. However, we cannot guarantee the security of any financial information that is disclosed online through our website, www.thetalententerprise.com, or any related platforms or portals. Mercer Talent Enterprise is not responsible for the privacy policies Third Party processors, portals or websites to which it links. If you provide any information to such Third Parties, such as payment gateways, different rules regarding the collection and use of your personal information may apply. You should contact these Third Parties directly if you have any questions about their use of the information that they collect.
Change to Data Privacy Policies and Our Terms and Conditions
Our Privacy Policy and all other related terms and conditions may be changed or updated occasionally to meet new requirements and standards of privacy and to reflect our terms and conditions of sale. Therefore, you are encouraged to frequently visit these sections to be updated about the changes on the website. Modifications will be effective on the day on which they are posted.
How to Contact Us
You may also contact us at dpo@thetalententerprise.com regarding any questions or concerns about our use of your personal information and / or if you wish to find out more or exercise your data protection rights.
We respond to all requests we receive from individuals at the above address (dpo@thetalententerprise.com) wishing to exercise their data protection rights in accordance with applicable data protection laws within 78 hours on working days.