Privacy Policy 

November 2023

The personal information principles of Mercer (Australia) Pty Ltd and its subsidiaries.

About this policy

Mercer and its subsidiaries (Mercer, we, our or us) are committed to ensuring the privacy of personal information of the individuals we deal with. This Privacy Policy explains how Mercer manages the personal information we hold in relation to the products and services we offer. 

Mercer is subject to the Australian Privacy Act 1988 (Cth) (the Act) and the Australian Privacy Principles (APPs) as an APP entity (organisation). The APPs aim to ensure that organisations that hold personal information about people, handle that information responsibly. 

Mercer respects an individual’s right to privacy and we comply with the requirements of the Act and the APPs in respect of the collection, management, use and disclosure of personal information.

In accordance with the Act, Mercer will only collect personal information that we require, to offer and administer our products and services or manage the employment of our staff.

Mercer manages all potential breaches of privacy in accordance with the Notifiable Data Breach requirements under Part 3C of the Act.

What is personal information?

When used in this policy, the term ‘personal information’ has the meaning given to it in the Act. In general terms, personal information is information or an opinion that can be used to reasonably identify you, whether the information or opinion is true or not.

This includes any information we collect from you directly, or from a third party such as your employer, in order to offer you a service or product. It may include, but is not limited to, your name, address, date of birth, contact details including email address, Tax File Number, occupation, financial information and/or any additional information you provide to us directly or indirectly through a website or via a representative.

Personal information may also include ‘sensitive information’.

What is sensitive information?

Sensitive information includes information or an opinion about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional trade or association, membership of a trade union, sexual orientation or practices, criminal record, health information, genetic information or biometric information.

Mercer will not collect sensitive information about you without your consent unless it is required by Australian law, or other limited exemptions apply.  Mercer may collect health information about you if the information is reasonably necessary for the provision of a related service (e.g. health insurance).  

Collection of your personal information

Generally, we are required to collect personal or sensitive information directly from you in the course of offering and administering our products and services and managing the employment and engagement of our staff and contractors. The information we may collect includes:

  • name;
  •  address;
  • date of birth;
  • contact details (including telephone and email);
  • gender;
  • occupation;
  • Tax File Number;
  • Salary information;
  • relevant financial information; 
  • health, medical or lifestyle information relevant to an insurance product;
  • health, medical, financial, social and other information relevant to aged care and living arrangement advice;
  • employment history and other information collected during the recruitment process; and
  • any additional information relating to you that you provide to us directly through our websites or indirectly through our websites or online presence such as ‘cookies’.

Where relevant, your personal information may also be provided to us via a third party such as your employer, other superannuation or investment fund, recruitment company, financial adviser or other representative authorised by you, as well as publicly available sources.  

The purpose of collecting personal information

We will only collect personal information about you where it is reasonably necessary for one or more of the activities or functions that we undertake for you, your employer or the trustee of a superannuation fund. Where it is reasonable and practicable to do so, we will collect the personal information from you directly. 

We collect your information in order to provide the following services and products and to manage the employment and engagement of our staff and contractors and to give you information about these matters:

  • for superannuation and investment services, to manage your superannuation benefits;
  • for financial advice services, to provide you with financial advice and implement your instructions in relation to your finances;
  • to provide any consulting or other services you may request, including aged care and living arrangement advice;
  • for handling any complaints, enquiries or disputes regarding our services, products and your employment with Mercer;
  • for handling insurance claims, to manage and assess your claim, and manage subsequent correspondence in relation to your claim; and
  • for recruitment purposes, to manage your employment application and, if you are successfully placed in a position at Mercer, your ongoing employment.

If you do not provide the personal information requested, we may not be able to provide you with these services and products or continue with your recruitment or employment.

The information that we collect from you may be shared or aggregated with information our related companies may collect from you. We may also use it to supply you with information about the other products and services offered by us and our related companies.

Anonymity and pseudonymity

Mercer understands that anonymity and pseudonymity are important elements of privacy and that an individual may wish to have the option of not identifying themselves, or of using a pseudonym when dealing with an organisation. Where it is possible, Mercer will allow an individual the opportunity to remain anonymous or to use a pseudonym when dealing with us unless we are required or authorised by or under an Australian law, court or tribunal order to require individuals to identify themselves or it is impracticable for us to deal with individuals who have not identified themselves or used a pseudonym.

It is important to note that many of Mercer’s products or services require us to either obtain personal information or to identify the individuals that we are dealing with. If you decide not to provide us with the information required we may not be able to provide the service or product. Where the information not provided is health information, the non-provision of this information may limit or preclude the death or disability benefits available to you through a superannuation fund or other insurance arrangement.  In the case of advice or consulting services, you may not be able to receive accurate or appropriate advice.

Use and disclosure

Mercer collects, uses and discloses personal information about individuals for the primary purpose of providing a product or service and the recruitment and employment of staff and contractors as a part of conducting our business operations.


Our business model includes the provision of:

  • Administration and consulting services, including actuarial and investment consulting to our clients such as employers, superannuation fund trustees and other organisations;
  • Consulting services across a range of strategic people issues including human resource consulting, performance and reward consulting, information services, employee benefit consulting, communication and health care;
  • Financial Advice and related services;
  • Superannuation, pension and savings options such as those provided through the Mercer Super Trust; and
  • Aged care and living arrangement advice.


We use and disclose personal information to:

  • provide products, services or financial advice to individuals and to send communications requested by them;
  • answer enquiries and provide information or advice about new or existing products or services;
  • manage and assess insurance claims;
  • provide access to protected areas of our website;
  • provide marketing information and materials (including direct marketing), product or service development and research purposes;
  • perform data analytics for marketing, product or policy development;
  • keep your contact details up-to-date;
  • investigate and respond to any complaint and deal with any subsequent dispute resolution process;
  • manage applications for employment with us and any subsequent employment; and
  • comply with any law, rule, regulation, lawful and binding determination, decision or direction of a regulator, or in co-operation with any governmental authority of any country (where relevant).


We may disclose your information to:

  • related bodies corporate, contractors or other business support service providers for the purposes of the operation of our business, products and services such as administration, document storage warehouses, printing and mail houses, couriers, payment system operators, debt collectors and authorised professional advisers such as accountants, solicitors, and consultants;
  • your financial adviser or other third-party appointed by you;
  • our data hosting and IT (related and non-related party) service providers who may be located or store data in other countries;
  • insurers, medical practitioners, claims assessors and investigators;
  • other Mercer companies which need to use the information to provide products or services to you;
  • actuaries or consultants engaged by the trustee of your superannuation fund in order for to provide services related to the superannuation fund or pension;
  • other superannuation, pension and investment fund trustees or administrators should you transfer your investment to another fund;
  • referees, recruiters and employment screening service providers for the purposes of considering applications for employment;
  • as required by law, to government bodies such as the Australian Taxation Office (ATO), the Office of the Australian  Information Commissioner (OAIC) and the Australian Transaction Reports and Analysis Centre (AUSTRAC).


Mercer is required to collect and use certain government related identifiers such as Tax File Numbers when providing certain services to our employees, members and clients. Mercer is not permitted to and does not adopt government identifiers as identifier of the individual. Mercer does not use or disclose government related identifiers in any way that is inconsistent with the purpose for which they were originally issued other than where it is required or authorised by or under an Australian law or a court/tribunal order.

Security

Mercer places a high priority on the security of personal information, and we are committed to protecting the personal information that you provide to us.  We take reasonable steps to ensure that your personal information is secure and we use and maintain appropriate safeguards to prevent misuse and loss and from unauthorised access, modification or disclosure. We implement administrative, physical and technical safeguards to protect the confidentiality and integrity of your personal information and data that we use and hold.

Where practical, your personal information is de-identified or destroyed when it is no longer required.

Where Mercer becomes aware of an actual or potential unauthorised access or disclosure of your personal information, we will ensure that the potential breach is managed by Mercer in accordance with the Notifiable Data Breach requirements under Part 3C of the Act. This may include notifying both you and the Privacy Commissioner where that breach is likely to result in serious harm as defined by the Australian Privacy Act 1988 (Privacy Act). 

Privacy on the Internet

We take care to ensure that the information you give us via our websites is protected. Mercer uses and maintains appropriate safeguards to prevent the unauthorised access to or use of your personal information and data. We implement administrative, physical and technical safeguards to protect the confidentiality and integrity of your personal information and data which may be transmitted via the internet.

We use ‘cookies’ to store information provided by your browser when you visit our websites. This includes the date and time of your visit, the pages accessed and any documents downloaded. This enables us to keep track of products or services you view so that, unless you have opted out, we can send you news about those products or services. We also use cookies to measure demographic usage patterns to determine which areas of our website have been visited and to improve our services.

Our website may contain links to other websites operated by third parties. We make no representations or warranties in relation to the privacy practices of any third party website and we are not responsible for the privacy policies or the content of any third party website. Third party websites are responsible for informing you about their own privacy practices.

The security of information transmitted on the internet will also require you to take specific measures to protect against unauthorised access or use. These include:

  • ensuring that you do not divulge your password or PIN to anyone;
  • ensuring that your access codes and passwords are kept secure; and
  • notifying us immediately if you believe that your access codes, password or PIN have been compromised. 

Access and correction

Mercer aims to ensure that the personal information we hold about individuals is accurate, up-to-date and complete. We will take reasonable steps to ensure the quality of your personal information at two distinct points in the information handling process: collection and use or disclosure.

If you advise us that the information that we hold about you is not accurate, up-to-date or complete, we will take reasonable steps to correct your information.  Where Mercer is the administrator for your superannuation fund, you can access or correct your personal information by contacting the Fund Administrator directly via the Helpline. Otherwise you may request access to your personal information by contacting Mercer’s Privacy Officer (see the ‘Contacting Us’ section below). The Mercer Privacy Officer will need to establish the identity of the individual requesting the information prior to providing it.

There are a number of situations where Mercer may deny an individual access to personal information.  These can include circumstances where it would have an unreasonable impact on the privacy of other individuals, the information relates to existing or anticipated legal proceedings, we have reason to suspect that unlawful activity or misconduct of a serious nature is being or may be engaged in, where Mercer’s Privacy Officer reasonably considers the request to be frivolous or vexatious or where the law requires or authorises such access to be denied.  Mercer’s Privacy Officer will advise you if any of these or other circumstances apply.

In some instances where information is being supplied, Mercer may apply a charge for the production and supply of that information in accordance with the Privacy Act. You will be notified of any such charge or fee prior to its application.

Cross-border disclosure

Mercer outsources some of its activities and may disclose personal information to our related bodies corporate and third party suppliers and service providers located overseas for some of the purposes listed above.

This includes Mercer’s ultimate shareholder, Marsh McLennan Companies, a public company listed on the New York Stock Exchange. We take reasonable steps to ensure that the overseas recipients of your information do not breach the privacy obligations relating to your personal information. At the end of this policy is a list of countries where we may disclose your personal information in the course of providing products or services to you.

Direct marketing

Mercer may send you direct marketing communications and information about our products and services that we consider may be of interest to you. These communications may be sent in various forms including mail, fax and electronic media such as email and SMS and social media such as Twitter and Facebook, in accordance with applicable marketing laws such as the Spam Act 2003 (Cth). If you indicate a preference for a method of communication we will endeavour to use that method whenever practical to do so. In addition, at any time you may opt-out of receiving marketing communications from Mercer by using the opt-out facilities provided within the marketing communications.

Mercer does not share, sell, rent or disclose your personal information to other organisations other than as described in this Privacy Policy.

Contact us

If you have any questions about this privacy policy, would like to know more about Mercer’s personal information principles, or if you have any concerns or would like to make a complaint regarding the treatment of your personal information, you can contact Mercer’s Privacy Officer using the details set out below.

We treat any concerns or complaints that you may have with respect and confidentially. A privacy representative will contact you within a reasonable time after receipt of your complaint to discuss your concerns and outline options regarding how they may be resolved. We will aim to ensure that your complaint is resolved in a timely and appropriate manner.

You can contact the Mercer Privacy Officer by:

  • Email          privacy@mercer.com
  • Phone        1300 136 202
  • Post            GPO Box 4303, Melbourne VIC 3001


If your concerns are not resolved to your satisfaction or you would like further information in regards to the Act, the matter can be referred to the Office of the Australian Information Commissioner on 1300 363 992.

Changes to our privacy policy

Mercer reserves the right to change this policy from time-to-time as necessary. We encourage you to check our website for any updates to this policy.

This privacy policy was last reviewed and updated in November 2023.

Offshore disclosure

Below is a list of countries outside Australia where in the course of providing our products and services, we may disclose personal information.

  • United Kingdom 
  • United States 
  • India 
  • New Zealand 
  • Bermuda 
  • Singapore 
  • Poland
  • Malaysia 
  • Philippines 
  • Ireland