Mercer Advisors’ California Consumer Privacy Policy

Last Updated: May 10, 2024

If you are a natural person residing in California, then you are a California consumer, and this Policy applies to you. California consumers have certain privacy rights under the California Consumer Privacy Act (CCPA).

1. CALIFORNIA CONSUMER PRIVACY ACT

This Policy describes your CCPA privacy rights and how you may exercise them. It also describes Mercer Advisors’ information practices relating to your personal information, and it supplements our general privacy policy.

We are subject to requirements under the CCPA because we collect, use, disclose, and share the personal information of California consumers. This is information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California consumer or California household. But it does not include publicly available information and de-identified or aggregated information. And the CCPA does not cover personal information subject to the Gramm-Leach-Bliley Act (GLBA) and its implementing rule, Regulation S-P (Reg S-P).

We collect, use, and disclose personal information subject to the GLBA and Reg S-P, which is any information (1) provided by a California consumer in connection with obtaining or seeking to obtain a financial product or service primarily for personal, family, or household purposes, whether or not we establish a continuing relationship with the consumer; (2) about a California consumer resulting from a transaction involving a financial product or service; or (3) otherwise about a California consumer in connection with providing a financial product or service primarily for personal, family, or household purposes. But this information does not include information about consumers who are participants or beneficiaries of an employee benefit plan in which Mercer acts as a trustee or fiduciary; individuals who designated Mercer as trustee for a trust; or beneficiaries of trust for which Mercer is a trustee. In short, the CCPA does not cover most of the personal information of California consumers that we collect because that information relates to providing those consumers with a financial product or service. Still, the CCPA (and this Policy) covers some of the personal information of California consumers that we collect.

2. PERSONAL INFORMATION THAT WE MAY HAVE COLLECTED, USED, DISCLOSED

In this section, we describe our information practices. In particular, we identify the categories of personal information that we may have collected in the preceding twelve (12) months; the categories of sources from which we may have collected that personal information; the business or commercial purposes for which we may have collected that personal information; the categories of personal information we may have disclosed for a business purpose to a third party in the preceding twelve (12) months; the categories of third parties to whom we disclosed the personal information; and the specific business purpose for disclosing the personal information.

The third parties to whom we may have disclosed the following personal information consist of service providers and contractors. Service providers (1) process personal information on our behalf and (2) receive the information (from us or on our behalf) for a business purpose. Contractors also receive personal information for a business purpose but only from us.

1. IDENTIFIERS

We may have collected consumers’ names, postal addresses, IP address email addresses, Social Security numbers, driver’s license numbers, passport numbers, and other similar identifiers from the following sources:

• Webforms.
• Cookies and other automatic data collection technologies.
• Job applications, HR files, payroll forms, benefit forms, and other employment-related records.
• Education records.
• Email, text or chat messages, and audio or video recordings.

We may have disclosed this personal information to third parties that provide us with services relating to:

• Advertising and marketing.
• Customer relationship management.
• HR, staffing, travel, payroll, or benefits administration.
• Email, text, chat, audio, video, or other forms of communication.

We may have disclosed this information to these third parties for the following purposes:

• Providing advertising and marketing services.
• Identifying consumers who could be prospective clients.
• Hiring applicants; managing employees; or administering payroll and benefits.
• Conducting due diligence regarding a product or service; or providing or receiving a product or service to or from a business.
• Capturing inquiries or other communications from consumers.
• Documenting interactions with consumers to ensure quality of services.

2. CALIFORNIA CUSTOMER RECORDS

We may have collected consumers’ names, postal addresses, and telephone numbers from the following sources:

• Webforms
• Email, text or chat messages, and audio or video recordings.

We may have disclosed this personal information to third parties that provide the following services:

• Advertising and marketing.
• Customer relationship management.
• Email, text, chat, audio, video, or other forms of communication.

We may have disclosed this information to these third parties for the following purposes:

• Providing advertising and marketing services.
• Identifying consumers who could be prospective clients.

3. CHARACTERISTICS OF PROTECTED CLASSIFICATIONS

We may have collected consumers’ ages (including date of birth) and genders from the following sources:

• Webforms.
• Job applications, HR files, payroll forms, benefit forms, and other employment-related records.
• Education records.
• Email, text or chat messages, and audio or video recordings.

We may have disclosed this personal information to third parties that provide us with services relating to:

• Advertising and marketing.
• Customer relationship management.
• HR, staffing, travel, payroll, or benefits administration.
• Email, text, chat, audio, video, or other forms of communication.

We may have disclosed this information to these third parties for the following purposes:

• Providing advertising and marketing services.
• Identifying consumers who could be prospective clients.
• Hiring applicants; managing employees; or administering payroll and benefits.

4. COMMERCIAL INFORMATION

We may have collected consumers’ payroll and benefits information and purchasing or consuming histories or tendencies from the following sources:

• Webforms.
• Cookies and other automatic data collection technologies.
• Payroll forms, benefit forms, and other employment-related records.
• Email, text or chat messages, and audio or video recordings.

We may have disclosed this personal information to third parties that provide us with services relating to:

• Advertising and marketing.
• Customer relationship management.
• Payroll or benefits administration.
• Email, text, chat, audio, video, or other forms of communication.

We may have disclosed this information to these third parties for the following purposes:

• Providing advertising and marketing services.
• Identifying consumers who could be prospective clients.
• Administering payroll and benefits.

5. INTERNET OR OTHER ELECTRONIC NETWORK ACTIVITY INFORMATION

We may have collected consumers’ browsing histories, search histories, and other information about consumers’ interactions with websites, applications, and advertisements (including our own), as well as about our employees’ interactions with our network systems, devices, email, applications, and platforms, from the following sources:

• Cookies and other automatic data collection technologies.
• Logs and audit trails.

We may have disclosed this personal information to third parties that provide us with services relating to:

• Advertising and marketing.
• Customer relationship management.

We may have disclosed this information to these third parties for the following purposes:

• Providing advertising and marketing services.
• Identifying consumers who could be prospective clients.
• Verifying or maintaining the quality, safety, security, and integrity of our website.

6. GEOLOCATION DATA

We may have collected consumers’ physical locations and movements from the following sources:

• Cookies and other automatic data collection technologies.
• Email, text or chat messages, and audio or video recordings.

We may have disclosed this personal information to third parties that provide us with services relating to:

• Advertising and marketing.
• Customer relationship management.
• Email, text, chat, audio, video, or other forms of communication.

We may have disclosed this information to these third parties for the following purposes:

• Providing advertising and marketing services.
• Identifying consumers who could be prospective clients.

7. PROFESSIONAL OR EMPLOYMENT-RELATED INFORMATION

We may have collected consumers’ job titles, job histories, professional licenses, credentials, references, performance and other evaluations, and other professional information from the following sources:

• Job applications, HR files, payroll forms, benefit forms, and other employment-related records.
• Email, text or chat messages, and audio or video recordings.

We may have disclosed this personal information to third parties that provide us with services relating to:

• HR, staffing, travel, payroll, or benefits administration.
• Email, text, chat, audio, video, or other forms of communication.

We may have disclosed this information to these third parties for the following purposes:

• Hiring applicants; managing employees; or administering payroll and benefits.

8. EDUCATION INFORMATION

We may have collected consumers’ grades, degree attainment, qualifications, and other education-related information from the following sources:

• Transcripts, diplomas, certificates, and other education-related records.
• Email, text or chat messages, and audio or video recordings.

We may have disclosed this personal information to third parties that provide us with services relating to:

• HR, staffing, travel, payroll, or benefits administration.
• Email, text, chat, audio, video, or other forms of communication.

We may have disclosed this information to these third parties for the following purposes:

• Hiring applicants; managing employees; and administering payroll and benefits.

1. PERSONAL INFORMATION REFLECTING A BUSINESS-TO-BUSINESS COMMUNICATION OR TRANSACTION

We may have collected consumers’ written or verbal communications or involvement in a transaction between consumers and Mercer Advisors from the following sources:

• Email, text or chat messages, and audio or video recordings.

We may have disclosed this personal information to third parties that provide us with services relating to:

• Email, text, chat, audio, video, or other forms of communication.

We may have collected this information for the following purposes:

• Conducting due diligence regarding a product or service; or providing or receiving a product or service to or from a business.

10. AUDIO, VISUAL, OR SIMILAR INFORMATION

We may have collected consumers’ voices, appearances, and other physical characteristics from the following sources:

• Voicemails and other audio recordings.
• Video chat recordings.
• Employee images.
• Security camera recordings.

We may have disclosed this personal information to third parties that provide us with services relating to:

• Advertising and marketing.
• Customer relationship management.
• Email, text, chat, audio, video, or other forms of communication.
• Infrastructure and security.

We may have disclosed this information to these third parties for the following purposes:

• Providing advertising and marketing services.
• Identifying consumers who could be prospective clients.
• Capturing inquiries or other communications from consumers.
• Documenting interactions with consumers to ensure quality of services.
• Conducting due diligence regarding a product or service and providing; or receiving a product or service to or from a business.
• Ensuring the security of our workplaces.

11. INFERENCES DRAWN FROM OTHER PERSONAL INFORMATION

We may have collected profiles reflecting consumers’ preferences, psychological trends, predispositions, behaviors, attitudes, and abilities from the following sources:

• Webforms.
• Cookies and other automatic data collection technologies.
• Email, text or chat messages, and audio or video recordings.
• Publicly available information.

We may have disclosed this personal information to third parties that provide us with services relating to:

• Advertising and marketing.
• Customer relationship management.
• Email, text, chat, audio, video, or other forms of communication.

We may have disclosed this information to these third parties for the following purposes:

• Providing advertising and marketing services.
• Identifying consumers who could be prospective clients.

12. SENSITIVE PERSONAL INFORMATION

We may have collected the following sensitive personal information through job applications, HR files, payroll forms, benefit forms, other employment-related records, email, text or chat messages, or audio or video recordings. We may have collected this information to hire applicants, manage employees, administer payroll and benefits, and perform other related services.

• Social security number, driver’s license, state identification card, or passport number.
• Racial or ethnic origin, religious or philosophical beliefs, or union membership.
• Personal information about a consumer’s health.
• Personal information about a consumer’s sex life or sexual orientation.

We may have also collected the contents of our employee’s mail, email, and text messages where we are not the intended recipient (such as the content of emails that employees send to third parties, which may include personal emails sent using their work email address).

We do not use or disclose sensitive personal information for reasons other than to perform services or provide goods reasonably expected by an average consumer who requests those goods or services.

3. THIRD-PARTY COLLECTION OF PERSONAL INFORMATION

We allow one of our service providers to collect internet or other electronic network activity information through our website. You can find information about the service provider’s information practices in its privacy policy.

4. PERSONAL INFORMATION THAT WE MAY HAVE SHARED WITH THIRD PARTIES

In this section, we describe the categories of personal information that we may have shared with third parties in the preceding twelve (12) months; the categories of third parties to whom we may have shared the information; and the business or commercial purpose for sharing the personal information. We have not shared sensitive personal information with third parties in the preceding (12) months. These third parties are not service providers or contractors. 

1. IDENTIFERS, CALIFORNIA CUSTOMER RECORDS, CHARACTERISTICS OF PROTECTED CLASSIFICATIONS, COMMERCIAL INFORMATION, INTERNET OR OTHER ELECTRONIC NETWORK ACTIVITY INFORMATION, GEOLOCATION DATA, AND INFERENCES DRAWN FROM OTHER PERSONAL INFORMATION

We may have shared the following personal information with third parties that engage in advertising and marketing activities, including cross-context behavioral advertising.

• Online identifiers, Internet Protocol addresses, or other similar information.
• Browsing histories, search histories, and information about consumers’ interactions with websites, applications, and advertisements, including our own website and advertisements.
• Records reflecting consumers’ purchasing or consuming histories or tendencies.
• Profiles reflecting consumers’ preferences, psychological trends, predispositions, behavior, attitudes, and abilities.
• Physical location or movements.

We may have shared this information with third parties for the following purposes:

• Remarketing our products or services to consumers through third-party vendors on sites across the Internet.
• Targeting advertising and serving ads relevant to consumers’ interests.
• Allowing consumers to share content with social networks.
• Identifying consumers who could be prospective clients.

5. WE DO NOT SELL PERSONAL INFORMATION

We have not sold personal information, including sensitive personal information, to any third party in the preceding twelve (12) months and will not sell personal information until further notice. If decide to sell personal information that we collect in the future, we will let you know in an update to this Policy.

6. PERSONAL INFORMATION OF CONSUMERS UNDER 16 YEARS OF AGE

Since we have not sold personal information in the preceding twelve (12) months, we have not sold the personal information of consumers under 16 years of age. We do not have actual knowledge that we have shared the personal information of consumers under 16 years of age.

7. HOW LONG WE RETAIN PERSONAL INFORMATION

We will retain collected personal information for as long as necessary to fulfill the purposes we have outlined above unless applicable law requires us to do otherwise, which could include retaining the information for at least 5 years after the end of the fiscal year in which we last used the information.

8. YOUR RIGHTS UNDER THE CCPA

As a California consumer, you have the following rights regarding your personal information.

1. RIGHT TO KNOW ABOUT AND ACCESS YOUR PERSONAL INFORMATION

You have the right to request that we describe the personal information about you that we have collected, used, disclosed, or shared in the preceding twelve (12) months. After we receive your request and verify your identity, we will provide you with one or more of the following, depending on your request: 

• The categories of personal information we have collected about you.
• The categories of sources from which we collected your personal information.
• The business or commercial purposes for collecting your personal information.
• The categories of personal information that we shared with third parties, and for each category identified, the categories of third parties to whom we shared that information.
• The categories of personal information that we disclosed for a business purpose, and for each category identified, the categories of third parties to whom we disclosed that category of personal information.
• The specific pieces of personal information that we collected about you.

You may only request to know about or access your personal information twice within a twelve (12)-month period.

2. RIGHT TO DELETE YOUR PERSONAL INFORMATION

You have the right to request that we delete any personal information about you that we have collected. But this right to delete your personal information does not apply to any of your personal information that is subject to an exception under the CCPA (as described below). After we receive your request and verify your identity, we will delete (and direct our service providers, contractors, and third parties to delete) your personal information that is not subject to any of the CCPA exceptions.

We may deny your request to delete if we need your personal information to:

• Complete the transaction for which we collected the personal information, provide you with a good or service that you requested, or reasonably anticipated by you within the context of our ongoing business relationship with you, or otherwise perform a contract between us and you.
• Help to ensure security and integrity to the extent the use of your personal information is reasonably necessary and proportionate for those purposes.
• Debug products to identify and repair errors that impair existing intended functionality.
• Exercise free speech, ensure the right of another consumer to exercise that consumer’s right of free speech, or exercise another right provided for by law.
• Comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 (commencing with Section 1546) of Title 12 of Part of the Penal Code.
• To enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us and compatible with the context in which you provided the information.
• Comply with a legal obligation.

If we deny your request, we will identify the reason(s) in our response to you.

3. RIGHT TO CORRECT INACCURATE PERSONAL INFORMATION

You have the right to request that we correct any inaccurate personal information that we have collected. After we receive your request and verify your identity, we will correct (and direct our service providers and contractors to correct) your inaccurate personal information.

4. RIGHT TO OPT-OUT OF THE SALE OR SHARING OF YOUR PERSONAL INFORMATION

You have the right, at any time, to direct us not to sell or share your personal information to third parties. After we receive your request, we will cease sharing (and instruct our third parties to stop sharing) your personal information.

5. RIGHT TO NON-DISCRIMINATION 

You have the right not to receive discriminatory treatment by us for the exercise of your privacy rights conferred by the CCPA. This right includes an employee, applicant, or an independent contractor’s right to not to face retaliation for exercising their CCPA rights. Except as permitted by the CCPA, we will not deny you goods or services; charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties; provide you with a different level of service or quality of goods or services; or suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

1. HOW TO SUBMIT A REQUEST TO EXERCISE YOUR RIGHTS

To submit a request:

• Complete the CCPA Rights Request webform.
• Send an email to our Compliance Department at privacy@merceradvisors.com.
• Call us at 888.265.0274.

If emailing or calling, please provide us with the same information required for submitting a request through the webform.

10. HOW WE VERIFY YOUR REQUEST

To fulfill your request to know, request to delete, or request to correct, we must verify your identity or authority to make the request and confirm that the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us.

If you send us a request by calling the toll-free number or emailing the privacy email address, we will contact you using the phone number or the email address that we have on file. We will use this address to contact you if you submit a request through the CCPA Rights Request webform.

1. REQUEST TO KNOW CATEGORIES OF PERSONAL INFORMATION

To verify your identity, we must match at least two pieces of personal information provided by you with two pieces that we maintain about you.

1. REQUEST TO KNOW SPECIFIC PIECES OF PERSONAL INFORMATION

To verify, we must (1) match at least three pieces of personal information provided by you with three pieces that we maintain about you and (2) receive a signed declaration under penalty of perjury from you stating that you are the consumer whose personal information is the subject of the request.

1. REQUEST TO DELETE PERSONAL INFORMATION

To verify, we must match at least two or three pieces of personal information provided by you with two or three pieces that we maintain about you, depending on the risk of harm to you if we deleted the personal information that you have requested us to delete without authorization.

1. REQUEST TO CORRECT PERSONAL INFORMATION

To verify, we must match at least two or three pieces of personal information provided by you with two or three pieces that we maintain about you, depending on the risk of harm to you if we corrected the personal information that you have requested us to correct without authorization.

1. CONSUMERS WITH PASSWORD-PROTECTED ACCOUNTS

If you maintain a password-protected account with us, we will ask you to re-authenticate yourself before we complete your request.

If we suspect fraudulent or malicious activity on or from a password-protected account, we will not comply with a request until we use additional verification procedures to determine that the request is authentic and the consumer making the request is the person about whom Mercer has collected information.

If necessary, we will use non-accountholder procedures to verify the identity of the consumer.

1. TIMELINES FOR CONFIRMING AND RESPONDING TO REQUESTS

We will confirm receipt of your request to know, request to delete, or request to correct within ten (10) calendar days after receiving your request.

We will respond to your request to know, request to delete, or request to correct within forty-five (45) calendar days. However, in certain circumstances, we may require additional time to process your request, as permitted by the CCPA or other applicable law. We will advise you within forty-five (45) calendar days after receiving your request if such an extension is necessary and why we need an extension. Any disclosures we provide will only cover the twelve (12)-month period preceding our receipt of your request. If we cannot fulfill your request, our response to you will also explain the reason why we cannot fulfill your request.

We will respond to your request to opt-out of the sale or sharing of your personal information within fifteen (15) calendar days.

11. OPT-OUT PREFERENCE SIGNAL

An opt-out preference signal provides consumers with a simple and easy-to-use method by which consumers interacting with businesses online can automatically exercise their right to opt-out of sale/sharing. Through an opt-out preference signal, a consumer can opt-out of sale or sharing of their personal information with all businesses they interact with online without having to make individualized requests with each business.

To use an opt-out signal, consumers must either use a browser that supports an opt-out preference signal or download a browser plugin created by third-party developers. Opt-out preferences signals are also known as a Global Privacy Control (GPC) setting. As of January 2024, Google Chrome, Microsoft Edge, and Apple Safari do not support opt-out preference signals. And no device operating system has yet implemented support for opt-out preference signals.

12. SUBMITTING A REQUEST THROUGH YOUR AUTHORIZED AGENT

Authorized agents may exercise rights on behalf of California residents by submitting a request through the submission methods identified above and indicating that they are submitting the request as an agent. We may require the agent to demonstrate authority to act on your behalf by providing signed permission from you. We may also require you to verify your identity with us directly or to confirm with us directly that you have provided the agent authority to submit the request.

13. CONTACT INFORMATION

If you have any questions or concerns about this Privacy Policy or our privacy practices, or to request this Privacy Policy in another format, contact our Compliance Department at privacy@merceradvisors.com.