Aon Australia Group Privacy Statement

Aon plc (NYSE: AON) is a leading global professional services firm providing a broad range of risk, retirement and health solutions. Our 50,000 colleagues in 120 countries empower results for clients by using proprietary data and analytics to deliver insights that reduce volatility and improve performance.

Aon is committed to protecting your privacy. This commitment reflects the value we place on earning and keeping the trust of our employees, customers, clients, business partners and others who share their Personal Information with us.

The Aon Australia Group of Companies subscribes to handling personal data in accordance with both the Aon Global Privacy Statement and the Aon Australia Group Privacy Statement. The terms of the Aon Global Privacy Statement will apply to the extent of any inconsistency between the policies, to the extent permitted by law. In particular, the Aon Global Privacy Statement outlines how the Aon group of companies handles any personal data subject to the General Data Protection Regulations (GDPR). If you require any further information, please contact Aon Australia’s Privacy Officer via the contact details provided towards the end of this statement.

Your privacy and the law

The Aon Group is committed to respecting your privacy and protecting your Personal Information. We are bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APP), along with any other applicable privacy laws and codes, when collecting, using, disclosing, holding, handling and transferring any Personal Information. Where practical and legally permissible to do so, you have the option of providing information to us and dealing with us anonymously or by using a pseudonym. At Aon, we have ongoing practices, procedures and systems in place to ensure that we manage Personal Information in an open and transparent way. Further information about these practices, procedures and systems is contained in our statement, set out below.

Key Definitions

In this statement, unless otherwise specified, the following definitions will apply:

“Act”		means Privacy Act 1988 (Cth) or any replacement law.
“Administrators”		means service providers such as Corporate Services Network Pty Ltd ABN 30 074 864 609;
“Aon” refers to Aon plc, including its affiliated companies and subsidiaries (also referred to as “we,” “us,” or “our”).		includes Aon Corporation Australia Limited ACN 004 756 772 and its related bodies corporate. Members of the Aon Group and a brief description of the services they provide are as follows:   Aon Risk Services Australia Limited ABN 17 000 434 720 (general insurance broker); Affinity Risk Partners (Brokers) Pty Ltd ABN 15 091 944 580 (general insurance broker representative); Aon Reinsurance Australia Limited (ABN 79 003 026 668 (reinsurance broker); Aon Product Design & Development Australia Pty Ltd ABN 55 136 905 845 (product design and development); Aon Superannuation Pty Limited ABN 83 0570982 822 (superannuation) Aon Hewitt Financial Advice Limited ABN 13 091 225 642 Aon Advisory Australia Pty Ltd ABN 50 068 620 771 (human resources, consulting services, benefits administrations and business process outsourcing); HIA Insurance Services Pty Ltd ABN 84 076 460 967 (general insurance broker representative); One Underwriting Pty Ltd ABN 50 006 767 540 (underwriting agency); Aon Charitable Foundation Pty Ltd ABN 68 065 177 595 (charity); Aon Risk and Asset Management Limited ABN 51 629 413 314 (trustee); Cut-E Australia Pty Ltd ABN 81 118 245 597 (consulting) Aon Services Pty Ltd ABN 96 116 871 473 (services).
“Aon”		means an applicable entity in the Aon Group.
“Aon Website”		means a website or mobile application owned or operate by an entity in the Aon global group of companies (including www.aon.com.au).
“APP”		means the Australian Privacy Principles contained in Schedule 1 of the Act.
“Authorised Representative”		means a person authorised in accordance with sections 916A and 916B of the Corporations Act 2001 (Cth) to provide financial services on behalf of an Australian Financial Services Licence holder.
“Personal Information”		means the definition as set out in section 6(1) of the Act.
“Privacy Statement”		means this Aon Australia Group Privacy Statement.

 
About this Privacy Statement

This Privacy Statement explains how Aon manages your Personal Information. It provides you with a general overview of:
 

Collecting your Personal Information		the type of information we may collect and how we collect it;
Using and disclosing your Personal Information		the ways in which and the purposes for which we may use and disclose your information;
Cross-border disclosures of your Personal Information		our approach to disclosing your information to overseas recipients;
Holding and storing your Personal Information		the ways we hold, store and secure your information;
Accessing and correcting your Personal Information		how you access and change information we hold about you; and
Resolving your privacy issues		how to raise any issues with our management of your information in accordance with the APPs, and how to opt-out.

 
This Privacy Statement applies to any Personal Information you provide to Aon and any Personal Information we collect from other sources (where relevant and legally permissible). This Privacy Statement does not apply to your use of any third-party sites linked to from this website or any websites which have their own privacy notices or statements.
 
We may update this Privacy Statement from time to time. When we do, we will post the current version on our website and we will revise the version date located below. We encourage you to periodically review this Privacy Statement so that you will be aware of our privacy practices. This Privacy Statement was last updated December 2022.

Collecting your personal information
 

Who is responsible for your information?		Personal Information is collected by each member of the Aon group as organisations bound by the Act. A full list of our group entities is listed above. Aon entities also provide services to our clients. Where this is the case, we will process your Personal Information in line with our legal obligations and contractual commitments with our clients.
What is Personal Information?		Personal Information is generally considered to be information or opinion that allows others to identify you. This includes your name, gender, contact details, as well as your health and financial information.
Why do we collect your Personal Information?		We will generally collect Personal Information that is reasonably necessary to offer and administer our services and products, and those offered by the global Aon Group of companies. Further reasons we may collect your Personal Information include: Legal and regulatory obligations The collection and use of some aspects of your Personal Information is necessary to enable us to meet our legal and regulatory obligations. For example, Aon is licensed and regulated by certain industry regulators and is required to provide some services in accordance with relevant regulatory rules. Preventing and detecting fraud We will use your Personal Information, including information relating to criminal convictions or alleged offences to prevent and detect fraud, other financial crime, and crime generally in the insurance and financial services industry. Legitimate interests The collection and use of some aspects of your Personal Informationis necessary to enable us to pursue our legitimate commercial interests. For example, we have legitimate interests in:   providing professional services across our global solution lines; operating our business, and managing and developing our relationships with clients and suppliers; understanding and responding to inquiries; receiving information from third parties and Aon affiliates to provide services; sharing data in connection with mergers and acquisitions and transfers of business; improving our services; understanding how our clients use our services and websites; developing and identifying products and services that may interest our clients, conducting market or customer satisfaction research; and developing, establishing and administering alliances and other arrangements with other organisations in relation to the promotion, administration and use of our respective products and services. Where we collect and use your Personal Information, we shall take appropriate steps to ensure the processing does not infringe the rights and freedoms conferred to you under the applicable Australian data privacy laws.
What type of information can we collect from you?		a. Basic personal details, such as your name, addresscontact details, date of birth, age, gender and marital status; b. Unique identifiers such as Driver’sLicense Number; c. Demographic details, such as information about your age, gender, race, marital status, lifestyle, and insurance requirements; d. Employment information such as role, employment status (such as full/part time, contract), salary information, employment benefits, and employment history; e. Health information about your health status, medical recordsand medical assessment outcomes in relation to life, heath, professional liability and workers compensation insurance, membership of professional or trade associations and sexual preferences. f. Benefits Information such as benefits elections, pension entitlements information, date of retirement and any relevant matters impacting your benefits such as voluntary contributions, pension sharing orders, tax protections or other adjustments. g. Financial details such as payment card and bank account details, details of your credit history and bankruptcy status, salary, third-party deductions and bonus payments; h. Claims details such as information about any claims concerning your or your employer’s insurance policy; i. Your marketing preferences; such as interests and preferred language, and whether you’d like to receive certain information from us j. Online information: e.g., information about your visits to our websites; k. Events information such as information about your interest in and attendance at our events, including provision of feedback forms; l. Social media information such as interactions (e.g., likes and posts) with our social media presence; and m. Criminal records information such as the existence of or alleged criminal offences, or confirmation of clean criminal records. n. Mobile Devices: we may collect your unique device identifier and mobile device IP address as well as information about your device operating system, mobile carrier and your location o. Driving history, certifications and insurance details: such as driving licence details, the period for which a licence has been held, existing and previous insurance policy details, previous accident and claims history and details of any motoring convictions
What can happen if you don’t provide us with your information, or provide us with information that is incomplete or inaccurate?		If you do not provide the information we request, we or those involved with the provision of the service or product, may not be able to provide the appropriate type or level of service or product.
How do we collect this information?		The Personal Information we collect varies depending upon the nature of our services. This Privacy Statement provides an overview of the categories of Personal Information we collect and the purposes for which we use it. Aon collects Personal Informationin the following ways: Information you provide to us Aon will collect information directly from you (unless impracticable or unreasonable to do so), this can include when you:   Request a service from us; Visit an Aon site or attend an Aon event; Apply for a position at Aon; Contact us with a complaint or query; Engage with us over social media; or Register with or use any of our websites or applications. You are required to provide any Personal Information we reasonably require (in a form acceptable to us) to meet our obligations in connection with the services we provide to you, including any legal and regulatory obligations. Where you fail to provide or delay in providing information, we reasonably require to fulfill these obligations, we may be unable to offer the services to you and/or we may terminate the services provided with immediate effect. Where you provide Personal Information to Aon about third-party individuals (e.g., information about your spouse, civil partner, child(ren), dependents or emergency contacts), where appropriate, you should provide these individuals with a copy of this Privacy Statement beforehand or ensure they are otherwise made aware of how their information will be used by Aon. Information we automatically collect In some instances, we automatically collect certain types of information when you visit our websites and through e-mails that we may exchange. Automated technologies may include the use of web server logs to collect IP addresses, "cookies" and web beacons. Further information about our use of cookies can be found in our Cookie Notice Information we collect from clients or third parties When we provide the services to our clients, we may collect Personal Information from our third parties about you, such as your name, contact details, date of birth, gender, marital status, financial details, employment details, and benefit coverage. We may also collect (in each case as strictly relevant to the services we provide) sensitive information about you, such as health information in relation to life, health, professional liability and workers compensation insurance or employee benefit programs sponsored by your employer. If permitted to do so by law we may collect information from other companies within the Aon Group, third parties such as our affiliates, Authorised Representatives, or other third parties such as Administrators, employers, insurance companies, insurance brokers or agents, credit organisations, motor vehicle and driver licensing authorities, financial institutions, medical professionals, third parties (including industry associations) who may be arranging insurance cover for a group that you are a part of, law enforcement, dispute resolution, statutory and regulatory bodies, marketing lists and industry databases, publicly available sources, other government bodies, etc. Upon your request, we will take reasonable steps to let you know how we have sourced your Personal Information, unless it is obvious from the circumstances that you would know or would reasonably expect us to have the information (such as where we are dealing with your advisers).
How do we notify you and obtain your consent?		Where required, we will obtain your consent to the purposes for which we intend to collect, use and disclose your Personal Information either at the time you engage us to provide you with a product or service, or as soon as practicable. Otherwise, unless we hear from you by one of the means set out in this Privacy Statement, by visiting an Aon Website or using any of our products or services, or otherwise by providing us with your information, you agree to your information being managed in accordance with this Privacy Statement. When you provide us your mobile device phone number as your contact phone number, you consent to the use of your mobile device phone number for the purposes identified in this Privacy Statement. If you choose to receive notifications from us on your mobile device (e.g. text notifications), you also consent to the use of your mobile phone number for that purpose. You may modify or withdraw your consent at any time by contacting the privacy officer (privacyofficer@aon.com) or your Aon Group Representative. If you do not give us consent or subsequently modify or withdraw your consent, we may not be able to provide you with the products or services you want. If you provide us with information about other individuals (such as employees, dependents etc.) you must obtain their consent for us to use their information in accordance with our Privacy Statement prior to your disclosure to us or otherwise let us know if this is not the case.
Modifying your consent and opting-out of marketing		You may modify or withdraw your consent oropt-out of receiving direct marketing at any time by contacting the Privacy Officer (privacyofficer@aon.com) or your Aon Group Representative. If you receive electronic communications, such as an e-newsletter, you may unsubscribe at any time by following the instructions included in the communication. If you previously chose to receive push notifications on your mobile device, you may manage your preferences either through your device or the application settings. Alternatively, you may uninstall the application by using the uninstall process available on your mobile device. To prevent the use of cookies and the associated advertising, you need to adjust the settings on your browser to refuse all cookies. Our Cookie Notice contains guidance on how to disable cookies on many browser types.
How do we deal with unsolicited information?		Where we receive information that we have not requested (“unsolicited information”), we will determine whether that information is reasonably necessary for our functions or activities. We will handle the information in the same way that we handle information we have requested.
Do we collect information from children?		Our websites are not directed to children, and we do not knowingly collect Personal Information from children on our websites. Certain Aon solution lines may process data related to children, such as their date of birth, address, and other identifiable information. This information is not collected directly from children, but from other parties such as from our client, the carrier, or directly from you as the parent or guardian of the child (e.g., so that the child may be named a beneficiary to an insurance policy or pension plan).

Using and disclosing your personal information
 

How can your Personal Information be used and disclosed?		We will generally only use and disclose your Personal Information for the purpose that it was collected for, any related purpose that you would reasonably expect us to use or disclose it for, for the purpose of analytics, or as permitted under this Privacy Statement or under any law. Aon otherwise has a duty to maintain the confidentiality of its clients’ information unless disclosure is permitted with your consent or compelled under any law. Your information may be used or disclosed: Within Aon: we may share your Personal Information with other Aon entities, brands, divisions, and subsidiaries for the processing purposes outlined in this Privacy Statement; To insurance market participants where necessary to offer, administer and manage the services provided to you, such as insurers and insurance underwriters, reinsurers, brokers, intermediaries and loss adjusters. The insurance underwriter is the insurer that is underwriting your insurance policy and is named in your policy documentation. You should refer to the insurer’s Privacy Statement on their website for further information about their privacy practices; Performing services for our clients We process Personal Information which our clients provide to us to perform our commercial risk, reinsurance, retirement, health, and data and analytics services. The precise purposes for which your Personal Information is processed will be determined by the scope and specification of our client engagement, and by applicable laws, regulatory guidance and professional standards. Administering our client engagements We process Personal Information about our clients and the individual representatives of our corporate clients to:   Carry out Aon’s regulatory and compliance obligations, which may include: "Know Your Customer" checks and screening; Anti-money laundering; Trade sanctions screening; Obtain and update credit information with appropriate third parties, such as credit reporting agencies, where transactions are made on credit; Communicate with our clients; Address client inquiries and complaints; and Administer claims. Vetting and risk management agencies such as credit reference, criminal record, fraud prevention, data validation and other professional advisory agencies, where necessary to prevent and detect fraud in the insurance industry and take steps to assess the risk in relation to prospective or existing insurance policies and/or the services; Legal advisers, loss adjusters, and claims investigators, where necessary to investigate, exercise or defend legal claims, insurance claims or other claims of a similar nature; Medical professionals, e.g., where you provide health information in connection with a claim against your insurance policy; Internal and external auditors where necessary for the conduct of company audits or to investigate a complaint or security threat. Communications and marketing to our clients and prospective clients We process Personal Information about our clients, prospective clients, and the individual representatives of our corporate clients to: send newsletters, know-how, promotional material and other marketing communications; and invite our clients to events, including arranging and administering those events. Third-party suppliers, where we outsource our processing operations to suppliers that process Personal Information on our behalf. Examples include IT service providers who manage our IT and back-office systems and telecommunications networks, and contact center providers. These processing operations shall remain under our control and will be carried out in accordance with our security standards and strict instructions. Conducting data analytics, benchmarking and modelling Aon is an innovative business, which relies on developing sophisticated products and services by drawing on our experience from prior engagements to analyse trends. Aon also uses data to perform analysis, modelling, benchmarking and research. Crime prevention We process Personal Information to facilitate the prevention, detection and investigation of crime and the apprehension or prosecution of offenders and to comply with laws/regulations. For example, we do this as part of our business acceptance, finance, administration and recruitment processes, including anti-money laundering and sanctions screening checks. Public authorities, regulators and government bodies, where necessary for us to comply with our legal and regulatory obligations, or in connection with an investigation of suspected or actual illegal activity; Mergers and acquisitions We process Personal Information in the event of a sale, acquisition or reorganization. This includes processing Personal Information for planning and due diligence purposes both prior to closing and after a transaction has closed for reasons related to the sale, acquisition, or reorganization and in order to transfer books of business to successors of the business. Process and service improvement We process personal data to maintain and improve processes used in providing the services and uses of technology, including testing, upgrading of systems and monitoring and training. We also process data to develop new services. Consent We rely on your consent to collect and use Personal Information, specifically for assessing risks relating to your prospective or existing insurance policy. We may also share this information with other insurance market participants and third parties where necessary to offer, administer and manage the services provided to you, such as insurers and insurance underwriters, reinsurers, brokers and vetting agencies. Where we rely on your consent to collect and use your information, you are not obliged to provide your consent and you may choose to subsequently withdraw your consent at any stage once provided. However, where you refuse to provide information that we reasonably require to provide the services, we may be unable to offer you the services and/or we may terminate the services provided with immediate effect. Where you choose to receive the services from us you agree to the collection and use of your Personal Information in the way we describe in this section of the Statement. If applicable you also agree that such information may be collected and used for the above purpose by the insurance underwriter named in your insurance policy documentation. You should refer to the insurer’s Privacy Statement on their website for further information about privacy practices. Substantial public interest (in accordance with applicable law) If applicable law allows, we may collect and use your information for a substantial public interest. For example, to prevent or detect unlawful acts or in the interest of public health.
Who can access your Personal Information?		We may disclose your information to other companies within the Aon Group and the following affiliates or third party service providers to assist us in providing, managing and administering our services and products:   banking and finance products - business partners, debt collection agencies, insurers, reinsurers and premium funders; insurance broking and insurance products - business partners, including insurers, reinsurers, other insurance intermediaries, insurance reference bureaux, medical service providers, fraud detection agencies, other advisers such as loss adjusters, lawyers and accountants and others involved in the claim handling process; our Authorised Representatives; authorised service providers, including IT service providers; external IT service providers, infrastructure and other third parties where required by law; entities related to the Aon Group for the purpose of offering you other products and services (provided, you have not elected to opt-out of receiving such information); and from other companies within the Aon Group, third parties such as our affiliates, Authorised Representatives, or other third parties such as Administrators, employers, insurance companies, insurance brokers or agents, credit organisations, motor vehicle and driver licensing authorities, financial institutions, medical professionals, third parties (including industry associations) who may be arranging insurance cover for a group that you are a part of, law enforcement, dispute resolution, statutory and regulatory bodies, marketing lists and industry databases, publicly available sources, other government bodies.
Can your information be used for direct marketing?		As indicated above, unless you opt out and disable the use of cookies, we may use your Personal Information to let you know about products and services from across Aon or our affiliates and business partners that we think may be of interest to you. You can opt-out by choosing the opt-out function on application forms, or by contacting the Privacy Officer (privacyofficer@aon.com) or your Aon Group Representative.

Cross border disclosures of your personal information
 

What is our approach to disclosing your information to third parties and overseas recipients?

Aon may disclose Personal Information to our overseas related bodies corporate (please visit the Aon Website for a list of our worldwide office locations) and third parties who we believe are necessary to assist us in providing the relevant services and products to our clients or to enable them to offer their products and services to you. For instance, we disclose Personal Information to the relevant product provider and their representatives, our agents and contractors and related companies (including our Authorised Representatives). We generally limit, however, such use and disclosure of any Personal Information to the specific purpose for which it was supplied. In addition to our affiliates, we may also disclose Personal Information to third parties such as our contractors, agents and service providers when we outsource certain functions, including market research, direct marketing, claims handling and recruitment. This would also include our third party storage providers, whom we may use from time to time to store information physically or electronically. Our affiliates and third parties may be based locally or they may be overseas. Examples include, but are not limited to, the United States of America, the United Kingdom, Ireland, Singapore, Netherlands, India and the Philippines.   When we do, if the applicable law requires we use a variety of legal mechanisms to help ensure your rights and protections travel with your data, such as: In these circumstances, Aon will generally take reasonable steps to ensure that we have arrangements in place with such parties which contractually oblige each party to ensure that Personal Information receives an adequate and consistent level of protection. Where we transfer to or receive your Personal Information from third parties who help provide our products and services, we obtain contractual commitments from them to protect your Personal Information, which incorporate standard contractual clauses where required. However, by providing Personal Information to us, you acknowledge that we may not always be able to guarantee that overseas parties are subject to requirements similar to those contained in the Privacy Act and consent to the disclosure on this basis. If you would like further information about whether your information will be disclosed to overseas recipients, please contact the Privacy Officer (privacyofficer@aon.com). Please also note that we may disclose your Personal Information, upon request, to any local or foreign government, law enforcement, dispute resolution, statutory or regulatory body, or as required by any law or regulation. (including the Corporations Act and the Anti-Money Laundering & Counter-Terrorism Financing Act). Where we receive requests for information from law enforcement or regulators, we carefully validate these requests before any Personal Information is disclosed.

 
Holding and storing your personal information
 

How do we hold your information?		Your information may be held in physical format, as electronic data, or in our software or systems. In particular, we may store your information in cloud or other types of networked or electronic storage.
What is our information security policy?		We take reasonable steps to protect Personal Information from misuse, interference and loss and implement physical, technical and administrative security standards to secure and protect your Personal Information from unauthorised access, modification or disclosure. Steps we take include implementing and imposing:   confidentiality requirements on our employees and other representatives, as well as third parties; policies on document storage security; security measures for access to our systems; only providing access to information once proper identification has been given; controlling access to our premises; and website protection security measures. Further information about our data security practices can be provided on request. Notwithstanding the above, you should be aware that no data protection and security measures are completely secure. Despite all the measures we have put in place, we cannot guarantee the security of your information, particularly in relation to transmissions over the Internet. It may also not be practicable to know in which country your information may be held, where networked or electronic storage solutions are adopted. Accordingly, any information which you transmit to us is transmitted at your own risk. You must take care to ensure you protect your information (for example, by protecting your usernames and passwords, policy details, etc.) and you should notify us as soon as possible after you become aware of any security breaches.
How long do we hold your information for?		How long we retain your Personal Information depends on the purpose for which it was obtained and its nature. We will keep your Personal Information for the period necessary to fulfil the purposes described in this Privacy Statement unless a longer retention period is permitted or required by law and in accordance with the Aon Record Retention Policy.

 
Accessing and correcting your personal information
 

How can I access and correct my information?

We take reasonable steps to ensure the Personal Information that we collect, hold and disclose is accurate, up to date and complete. However, we also rely on you to let us know of any changes or corrections required. You should contact us to update your Personal Information or advise us if the Personal Information we hold is not accurate, up to date or complete. You can access or update your personal information as follows:   if you have created a profile or an account on our website, you can update your information once you log in; contact your Aon Group Representative or our Privacy Officer (privacyofficer@aon.com); if you receive electronic communications, such as an e-newsletter, you may unsubscribe at any time by following the instructions included in the communication; if you previously chose to receive push notifications on your mobile device, you may manage your preferences either through your device or the application settings. Alternatively, you may uninstall the application by using the uninstall process available on your mobile device; and as described in our Cookie Notice, you may adjust your browser settings to accept or refuse cookies. If we do not provide you with access or refuse to update your information, we will provide you with the reason for refusal and inform you of any exceptions relied upon. Your request to provide information will be dealt with in a reasonable time from receipt of your request and we may recover from you our reasonable cost of supplying you with this information.

 
Other rights regarding your data
 

Right to access		You have the right to access and inspect your personal information or be provided with a permanent copy of the information being held about you.
Right to correction		You have the right to request the correction of your personal information or in cases where the accuracy of information is disputed, to supplement the information to give notice that you dispute its accuracy.
Right to object processing		You have the right to object to the use of your personal information, particularly where you feel there are no longer sufficient legitimate grounds for us to continue processing the information. If you raise an objection, and we have the opportunity to demonstrate that we have compelling legitimate interests to the use of your information (e.g., it is required by Law), then it will override your objection.
Right to object to direct marketing		You have a right to object to the use of your personal information for direct marketing purposes. See aforementioned section Modifying your consent and opting-out of marketing for more details.

Resolving your privacy issues

If you have any questions, would like further information about our privacy and information handling practices, would like to discuss opt-outs, or would like to make a complaint about a breach of the Act or this Privacy Statement, please contact the Privacy Officer:

Post: Attn: Privacy Officer
Aon Corporation Australia
GPO Box 4189
Sydney NSW 2001
Email: privacyofficer@aon.com 
Phone: +61 29253 7000

We are committed to respecting your privacy and we will respond to you as soon as reasonably possible.
If, however, you feel that your complaint has not been resolved, then you can contact the Office of the Australian Information Commissioner on the details below:

Post:  GPO Box 5218
Sydney NSW 2001
Email: enquiries@oaic.gov.au
Phone: 1300 363 992
Online: https://www.oaic.gov.au