Privacy Notice for California Residents
Aon PLC including its affiliated companies and subsidiaries (“Aon” "we", "us", or "our”), is a leading global professional services firm providing a broad range of risk, retirement and health solutions. Aon is committed to protecting your privacy. This commitment reflects the value we place on earning and keeping the trust of our customers, business partners, and others who share their personal information with us.
This Privacy Notice (“Notice”) supplements the terms of the Aon Global Privacy Statement and applies to visitors, users, and others who are residents of the State of California (“consumer” or “you”) and explain additional rights that apply to consumers.
What does this Privacy Notice do?
This Notice explains Aon’s information processing practices and applies to any personal information, as defined further below, you provide to us and any personal information we collect from other sources or automatically. This Notice is a statement of our information practices and of your rights regarding your personal information.
This Notice does not apply to your use of a third party site linked to from this website.
If you have a disability and require an alternative format to this Notice, please email us at: firstname.lastname@example.org or call +1.877.384.4276 (toll free) so that we may provide you with a more suitable format.
Information We Collect
Aon collects information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device ("personal information"). In particular, Aon has collected the following categories of personal information from consumers within the last twelve (12) months:
|A. Contact Information and Identifiers.
||A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.
|B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).
||A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, health insurance information, or benefits information. Some personal information included in this category may overlap with other categories.
|C. Protected classification characteristics under California or federal law.
||Age, race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).
|D. Commercial information.
||Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
|E. Biometric information.
||Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.
|F. Internet or other similar network usage activity.
||Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.
|G. Geolocation data.
||Precise physical location or movement. Data about a particular individual or device.
|H. Sensory data.
||Audio, electronic, visual, thermal, olfactory, or similar information.
|I. Professional or employment-related information.
||Current or past job history or performance evaluations.
|J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).
||Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.
|K. Inferences drawn from other personal information.
||Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
Personal information does not include:
- Publicly available information from government records.
- Deidentified or aggregated consumer information.
- Information excluded from the CCPA's scope, like:
- health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
- personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994.
Aon obtains each of the categories of personal information listed in the table above from the following categories of sources:
- Directly from you. For example:
- From forms you complete or products and services you request or purchase;
- When you register for or attend an Aon site or event;
- When you apply for a position at Aon;
- If you contact us with a complaint or query; or
- When you engage with us over social media.
- From our clients or other third parties. For example:
- When we provide services for our clients, when personal information is strictly relevant to the services we provide. Our services and products include insurance broking, claims management, risk management consulting, other forms of insurance services (including underwriting of insurance products and reinsurance), employee benefits program administration, and investment advisory services. In these cases, your personal information will be provided to us by our clients, or advisors or service providers acting on behalf of our clients. Sometimes our clients may ask us to contact you directly.
- From third parties such as insurance companies, insurance brokers or agents, credit organizations, motor vehicle and driver licensing authorities, financial institutions, medical professionals, and publicly available sources.
- In relation to benefit or compensation programs offered or sponsored by your employer.
- Indirectly from you. For example, we and our service providers may:
- observe your actions on our website;
- Social media. We may collect, receive and retain certain information if you interact with us through social media websites or features. You may also choose to link your account with us to third party social media sites. If you link your account or engage with us on or through third party social media sites or applications, you may allow us to have ongoing access to certain information from your social media account (e.g., name, e-mail address, photo, gender, birthday, the posts or the 'likes' you make).
- Content you post. If you post content to our website, such as reviews, ratings or comments (“User Content”), we maintain a record of such User Content.
- Mobile devices. If you access our websites on your mobile device, we may also collect your unique device identifier and mobile device IP address, as well as information about your device's operating system, mobile carrier and your precise geolocation information.
Use of Personal Information
We may use or disclose each of the categories of personal information we collect for each of the following purposes:
- When you request services, we ask that you provide personal information that enables us to respond to your request or inquiry. When you provide personal information to us, we generally use it for the purposes as described in this Notice further below, for example providing an insurance quote, applying for a position with us or creating a profile on our website or application.
- In order to perform our professional consultancy and risk based advisory services. This may impact you, for example, where you are the employee of our client, or the member of a client's pension program. The precise purposes for which your personal information is processed will be determined by the scope and specification of our client engagement, and by applicable laws, regulatory guidance and professional standards.
- To administer our client engagements. We process personal information about our clients and the individual representatives of our corporate clients in order to:
- carry out "Know Your Client" checks and screening prior to starting a new engagement;
- carry out client communication, service, billing and administration;
- deal with client complaints;
- administer claims.
- To contact our clients in relation to current, future and proposed engagements.
- To send our clients newsletters, know-how, promotional material and other marketing communications.
- To invite our clients to events (and arrange and administer those events).
- To provide, support, personalize, and develop our Website, products, and services.
- To create, maintain, customize, and secure your account with us.
- To process your requests, purchases, transactions, and payments and prevent transactional fraud.
- To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
- To personalize your Website experience and to deliver content and product and service offerings relevant to your interests, including targeted offers and ads through our Website, third-party sites, and via email or text message (with your consent, where required by law).
- To help maintain the safety, security, and integrity of our Website, products and services, databases and other technology assets, and business.
- For testing, research, analysis, and product development, including to develop and improve our Website, products, and services.
- To anonymize and aggregate data sets and reports in order to assess, improve and develop our business, products and services, prepare benchmarking reports and for other research and analytics purposes.
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
- To protect our business operations, secure our network and information technology, assets and services; to prevent and detect fraud, unauthorized activities, unauthorized access and other misconduct; where we believe necessary to investigate, prevent or take action regarding suspected violations of our Aon Legal Notice or this Notice, as well as fraud, illegal activities, cheating, misconduct and other situations involving potential threats to the rights or safety of any person or third party.
- As described to you when collecting your personal information
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Aon's assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by Aon is among the assets transferred, including any negotiations related to the aforementioned.
Aon will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
Disclosing Personal Information
Aon may disclose your personal information to third parties as set out below.
We share each of the categories of personal information we collect (as stated above) with each of the following categories of parties:
- Within Aon. We may share your personal information with other Aon entities, brands, divisions, and subsidiaries to serve you, including for the activities listed above.
- Third Parties. We may share your personal information with third parties, however, we do not rent, sell or otherwise disclose personal information with unaffiliated third parties for their own direct marketing use.
- Business Partners. We disclose personal information to business partners who provide certain specialized services to us, or who cooperate with us on projects. These business partners operate as separate businesses, and are responsible for their own compliance with data protection laws. You should refer to their privacy notices for more information about their practices. Examples include:
- Banking and finance products – credit and fraud reporting agencies, debt collection agencies, insurers, reinsurers, and managed fund organizations for financial planning, investment products, and trustee or custodial services in which you invest.
- Insurance broking and insurance products – insurers, reinsurers, other insurance intermediaries, insurance reference bureaus, medical service providers, fraud detection agencies, our advisers such as loss adjusters, lawyers, accountants, and others involved in the claims handling process.
- Authorized Service Providers. We may disclose your information to service providers we have retained to perform services on our behalf (either in relation to services performed for our clients, or information which we use for our own purposes, such as marketing). Examples include:
- IT service providers who manage our IT and back office systems and telecommunications networks;
- Marketing automation providers; and
- Contact center providers.
- Legal Obligation and Business Transfers. We may disclose personal information (i) if we are required to do so by law, legal process, statute, rule, regulation, or professional standard, or to respond to a subpoena, search warrant, or other legal request. (ii) in response to law enforcement authority or other government official requests, (iii) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss, (iv) in connection with an investigation of suspected or actual illegal activity or (v) in the event that we are subject to a divestiture, merger or acquisition, or in the event of the dissolution of our business. Disclosure may also be required for company audits or to investigate a complaint or security threat.
Disclosures of Personal Information for a Business Purpose
In the preceding twelve (12) months, Company has disclosed the following categories of personal information for a business purpose:
Category A: Identifiers.
Category B: California Customer Records personal information categories.
Category C: Protected classification characteristics under California or federal law.
Category D: Commercial information.
Category E: Biometric information.
Category F: Internet or other similar network activity.
Category G: Geolocation data.
Category H: Sensory data.
Category I: Professional or employment-related information.
Category J: Non-public education information.
Category K: Inferences drawn from other personal information.
Sales of Personal Information
In the preceding twelve (12) months, Company has sold the following categories of personal information:
Category A. Identifiers and Category F: Internet or other similar network activity.
We sell your personal information to the following categories of third parties:
Your Rights and Choices
The CCPA provides consumers (California residents) with specific rights regarding their personal information and imposes restrictions on particular business practices as set forth below, and prohibits us from discriminating against individuals for exercising their privacy rights under the law. If you are a California resident, this section describes your CCPA rights and explains how to exercise those rights.
Initial Notice: to be notified at or before the point of collection of the categories of personal information collected and the purposes for which such categories are used.
Do-Not-Sell: the right to opt-out of our sale of your Personal Information. Our sale of your information is limited to third-party cookies used to track activity and deliver targeted ads. To exercise this right, you can turn off cookies as described in our Cookie Notice.
Verifiable Requests to Delete and Requests to Know. Subject to certain exceptions, consumers have the right to make the following requests, at no charge:
Request to Know
California residents have the right to request and, subject to certain exemptions, receive a copy of the specific pieces of personal information that we have collected about them in the prior 12 months and to have this delivered, free of charge, either (a) by mail or (b) electronically in a portable and, to the extent technically feasible, readily useable format that allows the individual to transmit this information to another entity without hindrance. California residents also have the right to request that we provide them certain information about how we have handled their personal information in the prior 12 months, including the:
- categories of personal information collected;
- categories of sources of personal information;
- business and/or commercial purposes for collecting and selling their personal information;
- categories of third parties/with whom we have disclosed or shared their personal information;
- categories of personal information that we have disclosed or shared with a third party for a business purpose;
- categories of personal information collected; and
- categories of third parties to whom the residents’ personal information has been sold and the specific categories of personal information sold to each category of third party.
California residents may make Requests to Know up to twice every 12 months.
Deletion Request Rights
You have the right to request that Aon delete your personal information that we collected from you, subject to certain exceptions as set out by law. Once we receive and verify your consumer request (see Submitting a Verifiable Request ), we will delete your personal information from our records, unless an exception applies.
Personal Information Sales Opt-Out and Opt-In Rights
You have the right to direct us to not sell your personal information at any time (the "right to opt-out" of sales). The CCPA defines a “sale” as disclosing or making available to a third party personal information in exchange for monetary or other valuable consideration. While we do not disclose personal information to third parties in exchange for monetary compensation, we do disclose or make available personal information to third parties in order to receive certain services or benefits from them. Opt-out rights can be exercised by going to our Cookie Notice . We do not sell personal information about California residents who we know are younger than 16 years old without opt-in consent. The personal Information disclosed may fall into the following category: Identifiers and Internet and other Similar Network Activity.
To exercise the right to opt-out, you may indicate your cookie preferences by visiting the following Internet Web page link: "Do Not Sell My Personal Information"
The CCPA prohibits discrimination against those who exercise their rights under the CCPA and imposes requirements on any financial incentives offered to California residents related to their personal information. Unless permitted by the CCPA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
Submitting a Verifiable Request
To submit a verifiable Delete, Copy or Right to Know request, please email us at email@example.com, or call +1.877.384.4276 (toll free).
Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
Making a verifiable consumer request does not require you to create an account with us. However, we do consider requests made through your password protected account sufficiently verified when the request relates to personal information associated with that specific account.
We will only use personal information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.
Changes to Our Privacy Notice
Aon reserves the right to amend this Notice at our discretion and at any time. When we make changes to this Notice, we will post the updated Notice on the Website and update the Notice's effective date. If the changes materially affect you, we will attempt to notify you in advance of such change, such as via a notice on our Site and via email to the email address we have on file for you. Your continued use of our Website following the posting of changes constitutes your acceptance of such changes.
If you have any questions about this Notice, the ways in which Aon collects and uses your personal information, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:
- Calling us at +1.877.384.4276 (toll free)
- Contacting us at firstname.lastname@example.org.
Attn: Global Privacy Office
200 E. Randolph Street
Chicago, IL 60601