Global Privacy Statement

 

  1. Introduction
  2. Collecting your information
  3. Processing your information
  4. Legal grounds for processing
  5. Accuracy of your information
  6. Recipients of your information
  7. Overseas transfers of your information
  8. Retention of your information
  9. Information Security
  10. Your Information Rights
  11. Direct Marketing
  12. Automated Decisions
  13. Complaints
  14. Contact us
  15. Changes to this Statement
  16. Aon Outbound Encrypted Emails

1. Introduction

This Global Privacy Statement (“Statement”) explains how Aon plc (NYSE: AON) and its affiliated companies and subsidiaries (“Aon”) collect, use and disclose your personal information, including the categories of personal information we process and the purposes for which we use it. Throughout this Statement, Aon may be referred to as “we”, “us”, “our” or “Aon”. A full list of the Aon group entities is available here.

This Statement applies to any personal information you provide to Aon and any personal information we collect when you contact us, visit or use our websites or applications, visit an Aon location, attend Aon events or seminars, request a service from us or use other services that refer to or link to this Statement (each, a "Service"). The personal information we collect varies depending upon the nature of the Services we provide and how you interact with us. This Statement may be supplemented by additional privacy statements, terms or notices relevant to the applicable Services.

The Aon group company who is responsible for, or administers, the Service is also responsible for processing the personal information provided to us or collected by or for the Service.

This Statement does not apply to your use of any third-party sites linked to from our websites or Services.

2. Collecting your information

2.1 Types of information we collect

The personal information we collect varies depending upon the nature of our Services. Where we collect sensitive personal information (such as special category or criminal offence data), this information is only collected where strictly relevant to the Services we provide and is done in accordance with applicable law.

The information we collect about you may include the following:

a. Contact details: such as your name, email, postal address, social media handle, and phone number
b. Unique identifiers: such as Passport Number, National ID, National Insurance Number or pension scheme reference number
c. Demographic details: such as your date of birth, age, gender, race, photo, marital status, lifestyle, and insurance requirements
d. Employment information: such as job title, employee number, employment status, salary, employment benefits, and employment history, qualifications and affiliations
e. Health information: such as medical records, health status and medical assessment outcomes
f. Benefits information: such as benefit elections, pension entitlement information, date of retirement and any relevant matters impacting your benefits e.g. voluntary contributions, pension sharing orders, tax protections or other adjustments
g. Financial information: such as credit history and bankruptcy status, salary, tax code, third-party deductions, bonus payments, benefits and entitlement data, national insurance contributions details
h. Claims details: such as information about any claims concerning your or your employer’s insurance policy
i. Marketing and communications preferences: such as interests and preferred language
j. Online information: such as computer, device and connection information (e.g. IP address, browser type, operating system, unique device identifier), usage data collected when visiting our websites, device location information
k. Events information: such as information about your interest in and attendance at our events, including provision of feedback forms
l. Background checking information: such as inclusion on a sanctions list or a public list of disqualified directors, the existence of previous or alleged criminal offences, or confirmation of clean criminal records, information in relation to politically exposed persons (“PEPs”)
m. Comments, feedback or other information provided to us: such as social media interactions with our social media presence, comments provided on feedback forms or surveys and questions or information sent to our support services
n. Account login credentials: such as username and password, password hints and security information related to a Service we provide
o. Payment information: such as credit or debit card number and bank account details
p. Driving history, certifications and insurance details: such as driving licence details, the period for which a licence has been held, existing and previous insurance policy details, previous accident and claims history and details of any motoring convictions

 

2.2 Sources of information

We collect personal information about you in the following ways:

a. Information you provide directly to us: we collect personal information about you when you request a Service from us; visit an Aon site or attend an Aon event or seminar; apply for a position at Aon; through your use of our Services; provide comments, feedback or communicate directly with us
b. Information from your organisation: we may obtain personal information about you from the organisation with which you are employed or affiliated, in order to provide Services to them and/or manage your access to and use of the organisation’s Service
c. Information we collect automatically: we may collect certain types of information about you automatically when you use our Services, visit our websites or communicate with us online or through the e-mails that we may exchange. We may collect this information through the use of “cookies” or similar technologies such as web beacons, gif or pixel tags or other unique identifiers to measure online activity, provide more relevant advertising or analyse the effectiveness of communications or our promotional campaigns. Further information about our use of cookies can be found in our Cookie Notice and relevant Cookie Preference Centre at the footer of our page (where applicable)
d. Information from third parties: we may collect personal information about you from other third parties, such as recruitment agencies, insurers, underwriters, reinsurers, credit reference agencies, medical professionals, government bodies, claimants, sponsors, joint venture entities or business partners, as well as vetting and data validation agencies and other professional advisory service providers.

 

2.3 Impact of failing to provide information

You are required to provide any personal information we reasonably require (in a form acceptable to us) to meet our obligations in connection with the Services we provide to you, including any legal and regulatory obligations. Where you fail to provide or delay in providing information, we reasonably require to fulfil these obligations, we may be unable to offer the Services to you and/or we may terminate the Services provided with immediate effect.

2.4 Information you provide relating to third parties

Where you provide personal information to Aon about third-party individuals (e.g. information about your spouse, civil partner, child(ren), dependents or emergency contacts), where appropriate, you should provide these individuals with a copy of this Statement beforehand or ensure they are otherwise made aware of how their information will be used by Aon. Where you provide information to us about your beneficiaries, we may require you to provide explicit consent on their behalf.

2.5 Information relating to children

Our Services are not directed to children, and we do not knowingly collect personal information from children. Certain Aon solution lines may process data related to children, such as their date of birth, address, and other identifiable information. This information is not collected directly from children, but from other parties such as from our client, the carrier, or directly from you as the parent or guardian of the child (e.g., so that the child may be named a beneficiary to an insurance policy or pension plan).

3. Processing your information

We will use the information we collect about you in connection with the Services to:

a. offer, administer and manage the Services provided to you, including providing initial and renewal quotations and client care information;
b. carry out due diligence, identity, credit reference, bankruptcy, sanctions, data validation, anti-money laundering, “Know Your Customer” and other business acceptance, vetting and risk management agency checks;
c. evaluate risks relating to your or your organisation’s prospective or existing insurance policy;
d. process payments, including your payments for the insurance premium and any mid-term adjustments;
e. administer, investigate and settle claims or complaints in relation to insurance policies and/or the Services provided;
f. facilitate the prevention, detection and investigation of crime and the apprehension or prosecution of offenders;
g. enforce our agreements, trace debtors and recover any outstanding debt in connection with the Services provided;
h. fulfil legal and regulatory obligations, resolve disputes and monitor compliance with the same;
i. transfer books of business to successors of the business in the event of a sale or reorganisation, including the planning and due diligence purposes both prior to closing and after a transaction has closed;
j. process applications for employment and inform recruitment decisions taken about appointments and new hires;
k. perform analytics for risk modelling purposes and to analyse trends;
l. conduct market research and canvass your views about the Services and to develop and improve our products and Service offerings generally;
m. offer other products and Services that may be of interest to our clients, prospective clients and individual representatives of our corporate clients, including sending newsletters, know-how, promotional material and other communications;
n. communicate with you and to respond to your requests, inquiries, comments and concerns;
o. research, audit, reporting and other business operations purposes, including determining the effectiveness of our promotional campaigns and evaluating business performance;
p. perform benchmarking, modelling, market research and data analysis associated with the development of new and existing processes, products and Services; and
q. invite you to events or seminars, including arranging and administering those events.

4. Legal grounds for processing

We rely on the following legal grounds to collect and use your personal information:

a. Performance of the service contract Where we offer Services or enter into a contract with you to provide Services, we will collect and use your personal information where necessary to enable us to take steps to offer you the services, process your acceptance of the offer and fulfil our obligations in the contract with you.
b. Legal and regulatory obligations The collection and use of some aspects of your personal information is necessary to enable us to meet our legal and regulatory obligations. For example, Aon is licensed and regulated by certain industry regulators and is required to provide some services in accordance with relevant regulatory rules.
c. Preventing and detecting fraud We will use your personal information, including information relating to criminal convictions or alleged offences to prevent and detect fraud, other financial crime, and crime generally in the insurance and financial services industry.
d. Legitimate interests The collection and use of some aspects of your personal information is necessary to enable us to pursue our legitimate commercial interests.

For example, we have legitimate interests in:

  • providing professional Services across our global solution lines;
  • operating our business, and managing and developing our relationships with clients, suppliers and with you;
  • understanding and responding to inquiries;
  • receiving information from third parties and Aon affiliates to provide services;
  • sharing data in connection with mergers and acquisitions and transfers of business;
  • improving our Services; and
  • understanding how you and our clients use our Services and websites.

Where we rely on this legal basis to collect and use your personal information, we shall take appropriate steps to ensure the processing does not infringe the rights and freedoms conferred to you under the applicable data privacy laws.

e. Consent

We rely on your consent to collect and use personal information concerning any criminal convictions or alleged offences, specifically for the purpose of assessing risks relating to your prospective or existing insurance policy. We may also share this information with other insurance market participants and third parties where necessary to offer, administer and manage the Services provided to you, such as insurers and insurance underwriters, reinsurers, brokers and vetting agencies.

Where we rely on your consent to collect and use your information, you are not obliged to provide your consent and you may choose to subsequently withdraw your consent at any stage once provided. However, where you refuse to provide information that we reasonably require to provide the Services, we may be unable to offer you the Services and/or we may terminate the Services provided with immediate effect.

Where you choose to receive the Services from us you agree to the collection and use of your personal information in the way we describe in this section of this Statement. You also agree that such information may be collected and used for the above purpose by the insurance underwriter named in your insurance policy documentation. You should refer to the insurer’s privacy notice on their website for further information about their privacy practices.

f. Substantial public interest If applicable law allows, we may collect and use your information for a substantial public interest. For example, to prevent or detect unlawful acts or in public health.

 

4.1 Country specific exemptions

In certain circumstances, we may also rely on specific exemptions provided for under applicable local/national laws in the United Kingdom (“UK”), EU Member States or other countries worldwide. For example for insurance purposes or for determining benefits under an occupational pension scheme. The collection and use of some aspects of your personal information, such as information concerning your health, is necessary for insurance and/or occupational pension scheme purposes.

4.2 Country specific legal grounds for processing

We may also reply on specific legal grounds for processing provided for under applicable local/national laws in the UK, EU Member States or other countries worldwide. When relying on these, Aon has addressed these bases through jurisdiction specific privacy notices available at the top of this page.

5. Accuracy of your information

We rely on the availability of accurate personal information in order to provide the Services to you and operate our business. You should therefore notify us of any changes to your personal information, particularly changes concerning your contact details, bank account details, insurance policy details or any other information that may affect the proper management and administration of your insurance policy and/or the services provided to you.

6. Recipients of your information

We generally share your personal information with the following categories of recipients where necessary to offer, administer and manage the Services provided to you:

a. within Aon: we may share your personal information with other Aon entities, brands, divisions, and subsidiaries for the processing purposes outlined in this Statement;
b. insurance market participants: where necessary to offer, administer and manage the Services provided to you, such as insurers and insurance underwriters, reinsurers, brokers, intermediaries and loss adjusters. The insurance underwriter is the insurer that is underwriting your insurance statement and is named in your policy documentation. You should refer to the insurer’s privacy notice on their website for further information about their privacy practices;
c. vetting and risk management agencies: such as credit reference, criminal record, fraud prevention, data validation and other professional advisory agencies, where necessary to prevent and detect fraud in the insurance industry and take steps to assess the risk in relation to prospective or existing insurance policies and/or the Services;
d. legal advisers, loss adjusters, and claims investigators: where necessary to investigate, exercise or defend legal claims, insurance claims or other claims of a similar nature;
e. medical professionals: e.g. where you provide health information in connection with a claim against your insurance policy;
f. law enforcement bodies: where necessary to facilitate the prevention or detection of crime or the apprehension or prosecution of offenders;
g. public authorities, regulators and government bodies: where necessary for us to comply with our legal and regulatory obligations;
h. third party suppliers: where we outsource our processing operations to suppliers that process personal information on our behalf. These processing operations shall remain under our control and will be carried out in accordance with our security standards and strict instructions;
i. successors of the business: where Aon or the Services are sold to, acquired by or merged with another organisation, in whole or in part. Where personal information is shared in these circumstances it will continue to be used in accordance with this Statement;
j. business partners: such as joint venture entities, sponsors and/or other third-party business partners who collaborate or co-operate with Aon on projects, events, products or Services. You should refer to their privacy notices for more information about their privacy practices; and
k. internal and external auditors: where necessary for the conduct of company audits or to investigate a complaint or security threat.

7. Overseas transfers of your information

We operate on a global and worldwide basis, and we therefore reserve the right to transfer personal information about you to other countries to be processed for the purposes outlined in this Statement. In particular, we may make such transfers to offer, administer and manage the Services provided to you and improve the efficiency of our business operations. We shall endeavour to ensure that such transfers comply with all applicable data privacy laws and regulations and provide appropriate protection for the rights and freedoms conferred to individuals under such laws.

Where we collect personal information about you in the UK or the European Economic Area (the “EEA”) we may transfer the information to countries outside the UK or EEA for the processing purposes outlined in this Statement. This may include transfers to countries that the European Commission (the “EC”) and UK data protection regulator consider to provide adequate data privacy safeguards and to some countries that are not subject to an adequacy decision. Where we transfer personal information to countries that are not subject to an adequacy decision we shall put in place appropriate safeguards, such as standard contractual clauses approved by the EC or UK data protection regulator, as appropriate. Where necessary, we may implement additional technical, organizational or contractual measures to ensure an adequate level of protection for your personal information. Where required, further information concerning these safeguards can be obtained by contacting us.

8. Retention of your information

We retain appropriate records of your personal information to operate our business and comply with our legal and regulatory obligations. These records are retained for predefined retention periods that may extend beyond the period for which we provide the Services to you. In most cases we shall retain your personal information for no longer than is required under the applicable laws. We have implemented appropriate measures to ensure your personal information is securely destroyed in a timely and consistent manner when no longer required.

9. Information Security

The security of your personal information is important to us, and we have implemented appropriate security measures to protect the confidentiality, integrity and availability of the personal information we collect about you and ensure that such information is processed in accordance with applicable data privacy laws.

10. Your Information Rights

10.1 You have the following rights under applicable data privacy laws in respect of any personal information we collect and use about you:

a. Right to access: a right to access and inspect your personal information or be provided with a permanent copy of the information being held about you.
b. Right to correction: a right to request the correction of your personal information or in cases where the accuracy of information is disputed, to supplement the information to give notice that you dispute its accuracy.
c. Right to erasure: a right to request the erasure of your personal information, particularly where the continued use of the information is no longer necessary.
d. Right to object to processing: a right to object to the use of your personal information, particularly where you feel there are no longer sufficient legitimate grounds for us to continue processing the information.
e. Right to object to direct marketing: a right to object to the use of your personal information for direct marketing purposes. See Section 11 below for further information.
f. Right to restrict processing: a right to request the restriction of your personal information from further use, e.g. where the accuracy of the information is disputed, and you request that the information not be used until its accuracy is confirmed.
g. Right to portability: The right to request that some aspects of your personal information be provided to you or a third party of your choice in electronic form to enable its reuse.
h. Right to object to automated decision making: a right to object to decisions involving the use of your personal information, which have been taken solely by automated means. See Section 12 below for further information.
i. Right to lodge a complaint with a regulator: a right to complain to the relevant data protection regulator about our processing of your personal information. See Section 13 below for further information.

 

10.2 It is important to note, however, that some of the rights described above in Section 10.1 can only be exercised in certain circumstances. If we are unable to fulfil a request from you to exercise one of your rights under applicable data privacy laws, we will write to you to explain the reason for refusal. Where required, further information concerning these rights and their application can be obtained by contacting us.

11. Direct Marketing

We will use your personal information to send you direct marketing about other products and services that we feel may be of interest to you. We will give you the opportunity to refuse direct marketing at the point that you apply or register to receive the services and, on each occasion, thereafter that you receive direct marketing communications from us. You can also change your marketing preferences at any stage by contacting us. Please note that, even if you opt out of receiving direct marketing communications, we may still send you service-related communications where necessary.

12. Automated Decisions

Where you apply or register to receive a Service, we may carry out a real-time automated assessment to determine whether you are eligible to receive the Service. An automated assessment is an assessment carried out automatically using technological means (e.g., computer systems) without human involvement. This assessment will analyse your personal information and comprise several checks, e.g., credit history and bankruptcy check, validation of your driving licence and motoring convictions, validation of your previous claims history and other fraud prevention checks. Where your application to receive the Service does not appear to meet the eligible criteria, it may be automatically refused, and you will receive notification of this during the application process. However, where a decision is taken solely by automated means involving the use of your personal information, you have the right to challenge the decision and ask us to reconsider the matter, with human intervention. If you wish to exercise this right, you should contact us.

13. Complaints

13.1 If you wish to make a complaint about the way we use your personal information you should raise this with us by contacting us using the details set out in Section 14 below.

13.2 However, if you are not satisfied with the way we have handled your complaint you have the right to raise the matter with the relevant data protection regulator in your country.

14. Contact us

If you have any questions about the content of this Statement or the rights conferred to you under the applicable data privacy laws, you should contact Aon’s Global Privacy Office at [email protected] or at the following addresses:

  • EU Representative – Aon plc, 15 George's Quay, Dublin, Ireland
  • UK Representative – Aon UK Limited, The Aon Centre, The Leadenhall Building, 122 Leadenhall Street, London, EC3V 4AN, United Kingdom
  • US Contact – Aon plc, 200 E. Randolph, Chicago, Illinois 60601, United States

15. Changes to this Statement

This Statement is not contractual, and Aon reserves the right to reasonably amend it from time to time to ensure it continues to accurately reflect the way that we collect and use personal information about you. Any updates or changes to this Statement will be made available to you. You should periodically review this Statement to ensure you understand how we collect and use your personal information.

This Statement was last updated on 25 January 2023.

16. Aon Outbound Encrypted Emails

The information contained in this e-mail and any accompanying documents may contain information that is confidential or otherwise protected from disclosure. If you are not the intended recipient of this message, or if this message has been addressed or sent to you in error, please immediately alert the sender by reply e-mail and then delete this message, including any attachments. Any dissemination, distribution or other use of the contents of this message by anyone other than the intended recipient is strictly prohibited. All messages sent to and from this e-mail address may be monitored as permitted by applicable law and regulations to ensure compliance with our internal policies and to protect our business.

Download PDF Version

Location Specific Privacy Statements