United Kingdom

Aon Solutions UK Limited Privacy Notice

This Privacy Notice describes how Aon Solutions UK Limited and Aon Investments Limited ("Aon") (and, where appointed, the Scheme Actuary) (together "we", "our", “us”), will use your personal information when providing pensions advisory and calculation services (“Services”) to our clients (such as your employer or your pension scheme trustees).

We will be responsible for the personal information we use to provide these Services, including where information is retained beyond the duration of our agreements with clients. We are committed to being responsible custodians of your personal information and acting in accordance with our legal obligations and your rights under data protection law.

This Privacy Notice describes:

  1. The types of personal information we collect
  2. How we use the personal information
  3. The grounds for using this personal information
  4. Accuracy of Information
  5. Who we may disclose personal information to and why
  6. Overseas transfers of personal information
  7. Direct Marketing
  8. Information Security
  9. Retention of personal information
  10. Your choices and rights
  11. How to contact us
  12. Status of this Privacy Notice
 

1. The types of personal information we collect

We collect personal information about you in order to provide pension benefit calculations and give advice to either the trustees or the sponsor of your scheme

We will also collect personal information about your spouse, partner or other immediate family member where you have named such individuals as beneficiaries to your pension. Where this additional information is provided to us, we will handle it in accordance with this Privacy Notice. However, as we will not be collecting the information from the beneficiary directly, you are responsible for informing your beneficiaries that we may process their information for these purposes, and providing them with a copy of this Privacy Notice.

The types of personal information we collect include:

  1. Basic personal data: including name, address, postcode, contact details;
  2. Unique identifiers: such as National Insurance Number or pension scheme reference number;
  3. Demographic information: date of birth, age, gender, marital status;
  4. Employment information: role, employment status (such as full/part time, contract), business unit, and employment history;
  5. Financial information: salary, tax code, third party deductions, bonus payments, benefits and entitlement data, national insurance contributions details
  6. Benefits information: benefit elections, pension entitlement information, date of retirement and any relevant matters impacting your benefits such as voluntary contributions, pension sharing orders, tax protections or other adjustments;
  7. Special categories such as medical information: in some cases it will be necessary for us to collect and process personal information relating to ill-health early retirement and ill-health reviews to determine the benefits paid to you. This kind of personal information is not routinely collected and processed by us, and will only be done where it is necessary to do so in the circumstances.

We collect this information from sources including our clients and their service providers (such as payroll processors), third parties such as your Independent Financial Adviser and/or your Additional Voluntary Contributions provider (as applicable), and from pension scheme members directly, including where members provide us with information about nominated beneficiaries.

In some instances, we automatically collect certain types of information when you visit our website(s) and through e-mails that we may exchange. Automated technologies may include the use of web server logs to collect IP addresses, "cookies" and web beacons. Further information about our use of cookies can be found in our Cookie Notice and Cookie Preference Center at the footer of our page (where applicable).

 

2. How we use the personal information

We use the personal information we collect for the following purposes (in each case we have set out whether it is Aon or the Scheme Actuary (or both) using the information):

    Aon Scheme Actuary
a.

Plan Management: to help our clients run their pensions arrangements, make disclosures to third parties where legally required to do so or as otherwise requested by you; and for other checks or administrative activities that may become necessary from time to time (like member tracing to ensure the data we use is complete);

b.

Funding: to place values on members’ pension benefits entitlements as required by law;

c.

Liability Management: to undertake activities to help our clients manage their pension liabilities, such as bulk annuity quotations, scheme mergers, and member option exercises, as well as obtaining appropriate insurance coverage as may be required;

d.

Scheme Actuary Duties: to provide the valuations and calculations required of a Scheme Actuary by law;

e.

Regulatory Compliance: for meeting on-going regulatory, legal and compliance obligations including sanctions screening and assisting with investigations or prevention of crime, providing you with updated versions of this Privacy Notice (where required);

f.

Process and service improvement: to maintain and improve processes used in running the scheme (for example, automated benefit calculation routines), products or services and uses of technology, including testing and upgrading of systems;

g.

Contacting and marketing to our clients: where you are also an individual representative of our clients (e.g. a Trustee), we will process your personal data in order to contact you in relation to current, future and proposed engagements; send our newsletters, know-how, promotional material and other marketing communications to you, and also invite you to events (and arrange and administer those events)

h.

Anonymisation: we will anonymise personal information (such that it can no longer be reidentified) in order that it can be used with other data for data analysis, modelling, benchmarking and research purposes. We may share aggregated and anonymised data with third parties provided that we shall not publish externally or otherwise disclose any information which might reasonably identify you;

i.

Benchmarking, Modelling & Analysis: personal information will (in some instances in identifiable form, in others anonymous form) be processed for data analysis, modelling, benchmarking, and research purposes in order to improve understanding of life expectancy and other demographic aspects relevant for assessing pensions and insured liabilities. We may share limited identifiable data with third party agencies such as existence tracing providers to support these purposes. We will not otherwise publish externally or otherwise disclose any information which might reasonably identify you.

 

3. Grounds for using the personal information we collect

We rely on the following legal grounds to process your information:

  1. Necessary to pursue our legitimate interests as set out in 2(a)-(h) above e.g. to operate our business, provide the Services and improve our products and services generally. Where we rely on this legal basis to collect and use your personal information we will take appropriate steps to ensure the processing does not infringe the rights and freedoms conferred to you under applicable data privacy law;

  2. Pursuant to legal or regulatory obligations, including requirements to make any disclosures to authorities, regulators or government bodies (including HMRC);

  3. Necessary for performance of a contract: we will collect and use your personal information where necessary to enable us to take steps to fulfil our obligations in accordance with the terms of your pension scheme agreement; and

  4. In limited circumstances, processed with your consent, for example where we require you to provide sensitive information such as medical details that impact your retirement age which cannot otherwise be processed without your consent.

  5. In limited circumstances, necessary for statistical purposes, as set out in 2(g)-(h) above e.g. to improve understanding of life expectancy and other demographic aspects relevant for assessing pensions and insured liabilities. Where we rely on this legal basis we will take appropriate steps to ensure that any output of our statistical analyses will not include personal information which might reasonably identify you.

  6. In limited circumstances, necessary for reasons of substantial public interest. For example, in certain circumstances if we need to process special categories of data in order to determine the benefits payable to your relatives under an occupational pension scheme, in a scenario where it is not reasonably possible to obtain those relatives’ consent.. We will otherwise not usually ask you for special categories of data (such as information relating to health) when you correspond with us. Depending on the nature of your correspondence with us, it is possible that you provide us with information that contains some special categories of personal data and which will therefore be included in the information that we collect or record. To the extent that we do process any special categories of data in this way, we do so under Article 9(2)(g) of the UK GDPR and Section 10(3) of the DPA 2018 (necessary for reasons of substantial public interest), in that it meets a condition in Part 2 of Schedule 1 of the DPA 2018 and we have an appropriate policy document covering this processing activity.

4. Accuracy of Information

We rely on being supplied with accurate personal data in order to provide the services to our clients, and operate our business. We may (to the extent reasonably possible) undertake consistency checks on data, but we are not able to validate the accuracy of individual personal data, and rely on our Clients and Client representatives to do this. Client representatives should also notify us of changes in their contact details (or other personal information) if that impacts on the delivery or management of services to our Clients.

 

5. Who we disclose personal information to

We generally share your personal information to the following categories of recipients:

  1. Our clients (such as your employer or your pension scheme trustees), and their service providers such as pension administrators and payroll providers;
  2. Third parties you have authorised us to share information with such as your financial advisor or nominated beneficiaries;
  3. Third party agencies, such as data tracing providers and other professional advisory agencies, where necessary to prevent and detect fraud in the pensions and insurance industry, or to assess and manage risk in relation to the Services;
  4. Insurance and reinsurance companies and financial advisors, such as when we carry out the activities referred to for Liability Management purposes above;
  5. Legal advisers, loss adjusters, and claims investigators, where necessary to investigate, exercise or defend legal claims, insurance claims or other claims of a similar nature;
  6. Law enforcement bodies, where necessary to facilitate the prevention or detection of crime or the apprehension or prosecution of offenders;
  7. Public authorities, regulators and government bodies, where necessary for Aon to comply with its legal and regulatory obligations, such as responding to questions from the Pensions Ombudsman about any complaints they may have received, or providing information to HRMC;
  8. Our third party suppliers, where we outsource our processing operations to suppliers that process personal information on our behalf. These processing operations shall remain under our control and will be carried out in accordance with our security standards and strict instructions; and
  9. Successors of the business, where Aon is sold to, acquired by or merged with another organisation, in whole or in part. Where personal information is shared in these circumstances it will continue to be used in accordance with this Privacy Notice.
 

6. Overseas transfers of personal information

We operate on a global basis and may therefore transfer personal information to other countries, including without limitation the United States, India and Poland to be processed for the purposes outlined in this Privacy Notice. In particular, we may make such transfers to offer, administer and manage the services provided to you and improve the efficiency of our business operations. We shall endeavour to ensure that such transfers comply with all applicable data privacy laws and regulations and provide appropriate protection for the rights and freedoms conferred to individuals under such laws.

Where we collect personal information in the United Kingdom (the “UK”) or the European Economic Area (the “EEA”) we may transfer the information to countries outside the UK or EEA for the processing purposes outlined in this Privacy Notice. This may include transfers to countries that the European Commission (the “EC”) and UK data protection regulator consider provide adequate data privacy safeguards and to some countries that are not subject to an adequacy decision. Where we transfer personal information to countries that are not subject to an adequacy decision we shall put in place appropriate safeguards, such as standard contractual clauses approved by the EC or UK data protection regulator, as appropriate. Where necessary, we may implement additional technical, organisational or contractual measures to ensure an adequate level of protection for your personal information. Further information concerning these safeguards can be obtained by contacting us.

 

7. Direct Marketing

Where you are an individual representative of our Client (e.g. a Trustee), we will use your personal information to send you direct marketing about other products and services that we feel may be of interest to you. We will give you the opportunity to refuse direct marketing at the point that you apply or register to receive the services and on each occasion thereafter that you receive direct marketing communications from us. You can also change your marketing preferences at any stage by contacting us. Please note that, even if you opt out of receiving direct marketing communications, we may still send you service-related communications where necessary.

 

8. Information Security

We want you to feel confident that we are committed to keeping information secure. We have implemented appropriate technical and organisational security measures to protect the personal information we collect against unauthorised or unlawful processing and against accidental loss, damage or destruction.

 

9. Retention of personal information

Aon retains appropriate records of your personal information to operate its business and comply with its legal and regulatory obligations. These records are retained for predefined retention periods that may extend beyond the period for which we provide the Services. In most cases we shall retain personal information for no more than twenty years beyond the period for which we provide the Services unless regulatory or legal obligations imposed on us require specific personal information to be retained for longer. We have implemented appropriate measures to ensure your personal information is securely destroyed in a timely and consistent manner when no longer required.

 

10. Your rights and choices

Under data protection law you have certain rights regarding information that we collect about you. You can ask to:

  • see what personal information we hold about you;
  • have corrected any personal information we may have about you;
  • erase your personal information;
  • restrict, or in some cases object to our use of your personal information;
  • transfer your information to you or a third party (in some circumstances); and
  • withdraw your consent to the use of your information, to the extent such use is based on your consent.

In order to exercise any of the above rights, you can do so by using the information provided in the “How to contact us” section below. It is important to note, however, that some of the rights described above can only be exercised in certain circumstances. If we are unable to fulfil a request from you to exercise one of your rights under applicable data privacy law we will write to you to explain the reason for refusal.

You can also lodge a complaint about the processing of your personal information with the Information Commissioner’s Office (www.ico.org.uk).

 

11. How to contact us

If you have any questions or wish to exercise any of the above rights you should contact us, including reference to the scheme name, as follows:

Data Protection Officer, Aon Solutions UK Limited (Retirement and Investment UK), PO Box 730, Redhill, RH1 9FH [email protected]

 

12. Status of this Privacy Notice

This privacy notice was updated on Feb 07, 2023. It is non-contractual and we reserve the right to amend it from time to time.