Privacy Statement
Aon Enterprise Solutions (Shanghai) Co., Ltd. (“Aon”) is committed to protecting your privacy. This commitment reflects the value we place on earning and keeping the trust of our employees, customers, clients, business partners and others who share their personal information with us.
What does this Privacy Statement do?
This Privacy Statement (“Statement”) explains Aon’s information handling practices. This Statement applies to any personal information you provide to Aon and any personal information we collect from other sources, unless you are provided a more specific privacy statement at the time of personal information collection. This Statement does not apply to your use of any third-party sites linked to from this website or any websites which have their own privacy notices.
This Statement aims to help you understand how we collect, store, use, process, transfer, provide, disclose, delete (collectively as “Handle”) your personal information.
PRIVACY STATEMENT
- Who is responsible for your information?
- How do we collect your information and what information do we collect?
- How do we use your personal information?
- Legal basis
- Do we collect information from children?
- How long do we retain your personal information?
- How do we disclose your personal information?
- Do we transfer your personal information across geographies?
- Do we have security measures in place to protect your information?
- Other rights regarding your data
- Automated Decisions
- Contact Us
- Changes to this Statement
1. Who is responsible for your personal information?
Throughout this Statement, “Aon” refers to Aon Enterprise Solutions (Shanghai) Co., Ltd., (also referred to as “we,” “us,” or “our”). Personal information is collected by Aon who is responsible for its processing in their capacity as a personal information handler.
Aon also provide services to our clients as an engaged processer. Where this is the case we will handle your personal information in line with our legal obligations and contractual commitments with our clients.
2. How do we collect your personal information and what information do we collect?
The personal information we collect varies depending upon the nature of our services. This Statement provides an overview of the categories of personal information we collect and the purposes for which we use it. More information about the personal information collected for each of our services, together with the purpose and legal basis for collecting the information, may be provided to you in separate privacy notices relevant to the applicable services.
a. Aon collects personal information in the following ways:
Personal Information you provide to us
Aon collects information directly from you when you:
- Request a service from us;
- Visit an Aon site or attend an Aon event;
- Apply for a position at Aon;
- Contact us with a complaint or query;
- Engage with us over social media; or
- Register with or use any of our websites or applications.
You are required to provide any personal information we reasonably require (in a form acceptable to us) to meet our obligations in connection with the services we provide to you, including any legal and regulatory obligations. Where you fail to provide or delay in providing information we reasonably require to fulfill these obligations, we may be unable to offer the services to you and/or we may terminate the services provided with immediate effect.
Where you provide personal information to Aon about third-party individuals (e.g., information about your spouse, civil partner, child(ren), dependents or emergency contacts), where appropriate, you should provide these individuals with a copy of this Statement beforehand or ensure they are otherwise made aware of how their personal information will be used by Aon. Where you provide information to us about your beneficiaries we may require you to provide explicit consent on their behalf.
Personal Information we automatically collect
In some instances, we automatically collect certain types of information when you visit our websites and through e-mails that we may exchange. Automated technologies may include the use of web server logs to collect IP addresses, "cookies" and web beacons. Further information about our use of cookies can be found in our Cookie Notice and Cookie Preference Center at the footer of our page (where applicable).
Personal Information we collect from clients or third parties
When we provide the services to our clients, we may collect personal information from our clients about you, such as your name, contact details, date of birth, gender, marital status, financial details, employment details, and benefit coverage. We may also collect (in each case as strictly relevant to the services we provide) sensitive personal information about you, such as health information in relation to life, health, professional liability and workers compensation insurance or employee benefit programs sponsored by your employer. Most of the personal information we receive relates to your participation in the compensation and benefits programs offered by your employer. Where permitted by national law, and appropriate to do so, we may collect criminal records information; for example, where required as part of our business acceptance, finance, administration, recruitment, anti-money laundering and sanctions screening processes. The personal information handling rules may be provided to you in separate privacy notices relevant to the applicable services.
b. The personal information we collect about you may include the following:
| a. |
Basic personal details, such as your name, address contact details, date of birth, age, gender and marital status; |
| b. |
Unique identifiers such as your national ID information or passport information; |
| c. |
Demographic details, such as information about your age, gender, race, marital status, lifestyle, and insurance requirements; |
| d. |
Employment information such as role, employment status (such as full/part time, contract), salary information, employment benefits, and employment history; |
| e. |
Health information such as information about your health status, medical records and medical assessment outcomes; |
| f. |
Benefits information such as benefit elections, pension entitlement information, date of retirement and any relevant matters impacting your benefits such as voluntary contributions, pension sharing orders, tax protections or other adjustments; |
| g. |
Financial details such as payment card and bank account details, details of your credit history and bankruptcy status, salary, tax code, third-party deductions, bonus payments, benefits and entitlement data, national insurance contributions details; |
| h. |
Your marketing preferences; |
| i. |
Online information: e.g., information about your visits to our websites; |
| j. |
Events information such as information about your interest in and attendance at our events, including provision of feedback forms; |
| k. |
Social media information such as interactions (e.g., likes and posts) with our social media presence; and |
Where we collect sensitive personal information (such as information about your health or alleged criminal activities), we will ensure that it is necessary and is Handled in accordance with applicable laws, which may include obtaining your explicit consent and/or necessary authorizations prior to collection.
3. How do we use your personal information?
The following is a summary of the purposes for which we use personal information. More information about the personal information collected for each of our services, together with the purpose and legal basis for collecting the information, may be provided to you in separate privacy notices which are relevant to the services which affect you.
Performing services for our clients
We Handle personal information which our clients provide to us to perform our data solutions services and advisory. The precise purposes for which your personal information is Handled will be determined by the scope and specification of our client engagement, and by applicable laws, regulatory guidance and professional standards.
Administering our client engagements
We process personal information about our clients and the individual representatives of our corporate clients to:
- Carry out Aon’s regulatory and compliance obligations, including:
- "Know Your Customer" checks and screening;
- Anti-money laundering;
- Trade sanctions screening;
- Obtain and update credit information with appropriate third parties, such as credit reporting agencies, where transactions are made on credit;
- Communicate with our clients;
- Address client inquiries and complaints; and
- Administer claims.
Communications and marketing to our clients and prospective clients
We Handle personal information about our clients, prospective clients, and the individual representatives of our corporate clients to: send newsletters, know-how, promotional material and other marketing communications; and invite our clients to events, including arranging and administering those events.
Conducting data analytics, benchmarking and modeling
Aon is an innovative business, which relies on developing sophisticated products and services by drawing on our experience from prior engagements to analyze trends. Aon also uses data to perform analysis, modeling, benchmarking and research.
Mergers and acquisitions
We Handle personal information in the event of a sale, acquisition or reorganization. This includes processing personal information for planning and due diligence purposes both prior to closing and after a transaction has closed for reasons related to the sale, acquisition, or reorganization and in order to transfer books of business to successors of the business.
Process and service improvement
We Handle personal dinformation to maintain and improve processes used in providing the services and uses of technology, including testing and upgrading of systems. We also handle personal information to develop new services.
If we wish to use your personal information for a purpose which is not compatible with the purpose for which it was collected, we will request your consent unless your personal information is being processed to satisfy our legal and regulatory obligations. In all cases, we balance our legal use of your personal information with your interests, rights, and freedoms in accordance with applicable laws and regulations to make sure that your personal information is not subject to unnecessary risk.
4. Legal basis
We rely on the following legal grounds to collect and use your personal information:
| a. |
Performance of the service contract |
Where we offer services or enter into a contract with you to provide services, we will collect and use your personal information where necessary to enable us to take steps to offer you the services, process your acceptance of the offer and fulfill our obligations in the contract with you. |
| b. |
Legal and regulatory obligations |
The collection and use of some aspects of your personal information is necessary to enable us to meet our legal and regulatory obligations. |
| c. |
Consent |
In certain instances, we rely on your consent as a legal basis.
Where we rely on your consent to collect and use your information, you are not obliged to provide your consent and you may choose to subsequently withdraw your consent at any stage once provided. However, where you refuse to provide information that we reasonably require to provide the services, we may be unable to offer you the services and/or we may terminate the services provided with immediate effect.
Where you choose to receive the services from us you agree to the collection and use of your personal information in the way we describe in relevant statements.
|
| d. |
Substantial public interest (in accordance with applicable law) |
If applicable law allows, we may collect and use your information for a substantial public interest. For example, to prevent or detect unlawful acts or in public health; to protect of life, health and property safety of natural persons under emergency circumstances |
| e. |
Public Disclosure |
Unless otherwise prohibited by the applicable or expressed refused by you, we will collect and use your personal information in public domain within reasonable scope. |
5. Do we collect personal information from children?
Our websites are not directed to children and we do not knowingly collect personal information from children on our websites. Children are prohibited from using our websites.
Certain Aon solution lines may process personal information related to children, such as their date of birth, address, and other identifiable information. This personal information is not collected directly from children, but from other parties such as from our client, the carrier, or directly from you as the parent or guardian of the child (e.g., so that the child may be named a beneficiary to an insurance policy or pension plan).
6. How long do we retain your personal information?
How long we retain your personal information depends on the purpose for which it was obtained and its nature. We will keep your personal information for the period necessary to fulfil the purposes described in this Statement unless a longer retention period is permitted or required by law and in accordance with the Aon Record Retention Policy. Your personal information will be securely destroyed when it is no longer required.
7. How do we disclose your personal information?
We generally share your personal information with the following categories of recipients where necessary to offer, administer and manage the services provided to you:
| a. |
Within Aon: we may share your personal information with other Aon entities, brands, divisions, and subsidiaries for the processing purposes outlined in this Statement; |
| b. |
Legal advisers and claims investigators, where necessary to investigate, exercise or defend legal claims or other claims of a similar nature; |
| c. |
Law enforcement bodies, when required to do so by law, legal process, statute, rule, regulation, or professional standard, or to respond to a subpoena, search warrant, or other legal request, and where necessary to facilitate the prevention or detection of crime or the apprehension or prosecution of offenders; |
| d. |
Public authorities, regulators and government bodies, where necessary for us to comply with our legal and regulatory obligations, or in connection with an investigation of suspected or actual illegal activity; |
| e. |
Third-party suppliers, where we outsource our processing operations to suppliers that process personal information on our behalf. Examples include IT service providers who manage our IT and back office systems and telecommunications networks, and contact center providers. These processing operations shall remain under our control and will be carried out in accordance with our security standards and strict instructions; |
| f. |
Successors of the business, where Aon or the services are sold to, acquired by or merged with another organization, in whole or in part, and personal information needs to be shared with relevant third parties as part of due diligence processes and transfers to the new entity. Where personal information is shared in these circumstances it will shared in accordance with this Statement; and |
| g. |
Internal and external auditors where necessary for the conduct of company audits or to investigate a complaint or security threat. |
8. Do we transfer your personal information across geographies?
We are a global organization and transfer certain personal information across geographical borders in accordance with applicable law.
When we do, if the applicable law requires that we use a variety of legal mechanisms to help ensure your rights and protections travel with your data, such as:
- We ensure transfers between Aon entities are covered by agreements that incorporate prescribed contractual wording, such as the standard contract in relation to cross-border transfer issued by China CAC (Cyberspace Administration of China), which contractually oblige each party to ensure that personal information receives an adequate and consistent level of protection.
- Where we transfer to or receive your personal information from third parties who help provide our products and services, we obtain contractual commitments from them to protect your personal information, which incorporate standard contractual clauses where required.
- Where we receive requests for information from law enforcement or regulators, we carefully validate these requests before any personal information is disclosed.
Where required, further information concerning these safeguards can be obtained by contacting us.
9. Do we have security measures in place to protect your personal information?
The security of your personal information is important to us and Aon has implemented reasonable physical, technical and administrative security standards in an effort to protect personal information from loss, unauthorized access, misuse, alteration or destruction and to ensure that such information is processed in accordance with applicable data privacy laws.
10. Other rights regarding your personal information
Subject to certain exemptions and the jurisdiction in which you live, and in some cases dependent upon the processing activity we are undertaking, you may have certain rights in relation to your personal information. We have listed some of the common rights that may be applicable below. When you exercise these rights, we may need to ask you for additional information to confirm your identity, before disclosing information to you or responding to your request. We will not charge a fee unless your request is manifestly unfounded or excessive and/or we are permitted by law to levy such charges.
You can exercise your rights by contacting us. Subject to legal and other permissible considerations, we will make every reasonable effort to honor your request promptly or inform you if we require further information in order to fulfill your request. We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way. If we cannot fully address your request, we will contact you to let you know and explain the reason why your request was denied.
Right to Access
You have the right under certain circumstances to access and inspect personal information which Aon holds about you. If you have created a profile, you can access that information by visiting your account.
Right to Correction
You may have the right to request us to correct your personal information where it is inaccurate or out of date.
Right to be Forgotten (Right to Delete)
You have the right under certain circumstances to have your personal information erased. Your personal information will be erased if your personal information is no longer necessary for the purpose for which it was collected, and we have no other legal ground for processing the personal information.
Right to Restrict Processing
You have the right under certain circumstances to request the restriction of your personal information from further use, e.g., where the accuracy of the information is disputed, and you request that the information not be used until its accuracy is confirmed.
Right to Transfer (Data Portability)
You have the right under certain circumstances to personal information transfer, which requires us to provide personal information to you or another personal information handler in a commonly used, machine readable format, but only where the processing of that information is based on (i) consent; or (ii) the performance of a contract to which you are a party.
Right to Object to Withdraw Consent
You have the right to withdraw your consent regarding the Handling of your personal information (including but not limited to the handling of your personal information for automatic decision making and direct marketing). Your withdrawal of consent will prevent us from continuing to provide you with the corresponding services. However, your decision to withdraw your consent will not affect the Handling of personal information previously carried out on the basis of your consent.
Right to Decline Automated Decision Making
You have the right to object to decisions involving the use of your personal information, which have been taken solely by automated means. See section eleven (11) below for further information.
Right to Object to Direct Marketing
Where your personal information is processed for direct marketing purposes, you shall have the right to object at any time to processing of personal information concerning him or her for such marketing. We will provide specific information on how to opt-out from our marketing initiatives through the medium we communicate with you.
11. Automated Decisions
Where you apply or register to receive the service we may carry out a real-time automated assessment to determine whether you are eligible to receive the service. An automated assessment is an assessment carried out automatically using technological means (e.g., computer systems) without human involvement. This assessment will analyse your personal information and comprise several checks, e.g., credit history and bankruptcy check, validation of your driving licence and motoring convictions, validation of your previous claims history and other fraud prevention checks. Where your application to receive the service does not appear to meet the eligible criteria, it may be automatically refused, and you will receive notification of this during the application process. However, where a decision is taken solely by automated means involving the use of your personal information, you have the right to challenge the decision and ask us to reconsider the matter, with human intervention. If you wish to exercise this right, you should contact us.
12. Contact Us
If you have any questions, would like further information about our privacy and information handling practices, would like to discuss opt-outs or withdrawing consent, or would like to make a complaint about this Statement, please contact us:
Hai Middle RoadM
Shanghai Central Plaza, 36/F
Shanghai, 200020
China
Email: [email protected]
13. Changes to this Statement
We may update this Statement from time to time. When we do, we will post the current version on this site, and we will revise the version date located at the bottom of this page.
We encourage you to periodically review this Statement so that you will be aware of our privacy practices.
This Statement was last updated on January 2023.