Personal Data Protection Summary Statement (Singapore)

Mercer (Singapore) Pte Ltd (“Mercer”), in coordination with its parent company, Marsh & McLennan Companies, (“the Company”), maintains various administrative, technical, and physical safeguards to protect personal data maintained by Mercer, whether this data is contained in paper or electronic records. These measures are designed to ensure:

  • The security and confidentiality of personal data;
  • Protect against anticipated threats or hazards to the security or integrity of this data; and
  • Protect against unauthorized access to or use of personal data in a manner that creates a substantial risk of identity theft or fraud.


In summary, Mercer's approach to personal data protection includes the following measures:


  • Development of policies and standards that are required, from time to time, to remain consistent with the requirements of applicable laws and regulations and key designates (where appropriate) to maintain the program, policies and procedures as they relate to the protection of personal information;

  • An information security program that includes technical, physical and administrative safeguards and procedures, required participation in annual privacy and information security training, and regular testing and monitoring of privacy and information security controls to ensure compliance and consider improvements;

  • Implementing and overseeing employee training and communications;

  • Addressing any data protection issues, including employee compliance and personal information access, that may arise from time to time, and provide input to Mercer regarding the imposition of disciplinary measures for violations of applicable data privacy policies and standards; and,

  • Taking all reasonable steps (e.g. through the imposition of binding contractual obligations) to verify that any third-party service provider with access to personal information has the capacity to protect such information in the manner consistent with Mercer’s commitments and the requirements of applicable laws and regulations, and that any such third party service provider applies protective security measures at least as stringent as those required by applicable laws and regulations.


To the extent appropriate privacy and information security measures are not already in place, Mercer will implement additional appropriate technical, physical and administrative safeguards and procedures designed to protect personal data and prevent against its unauthorized use, loss, destruction or damage. If Mercer receives personal data from its clients, Mercer shall be entitled to assume that any such disclosure of personal data to Mercer is in full compliance with all relevant data protection and privacy laws.

All employees are subject to the applicable requirements set forth in both the Company’s policies and standards. Violations may result in disciplinary action by Mercer, up to and including termination of employment. In addition, it is contrary to the Company’s Code of Conduct to retaliate against anyone who reports a violation of this program or who cooperates in an investigation regarding non-compliance.

If you would like more information, you may contact us at