Privacy Notice for California Residents
Aon PLC, including its affiliated companies and subsidiaries (“Aon”, “we”, “us”, or “our”), is a leading global professional services firm providing a broad range of risk, retirement and health solutions. Aon is committed to protecting your privacy. This commitment reflects the value we place on earning and keeping the trust of our customers, business partners, and others who share their personal information with us.
This Privacy Notice (“Notice”) supplements the terms of the Aon Global Privacy Statement, applies to visitors, users, and others who are residents of the State of California (“consumer” or “you”), and explains additional rights that apply to consumers.
What does this Privacy Notice do?
This Notice explains Aon’s information processing practices and applies to any personal information, as defined further below, you provide to us and any personal information we collect from other sources or automatically. This Notice is a statement of our information practices and of your rights regarding your personal information.
This Notice does not apply to your use of a third party site linked to from this website.
If you have a disability and require an alternative format to this Notice, please email us at: firstname.lastname@example.org or call +1.877.384.4276 (toll free) so that we may provide you with a more suitable format.
Information We Collect
Aon collects information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device ("personal information"). In particular, Aon has collected the following categories of personal information from consumers within the last twelve (12) months:
| Category | Examples |
|---|---|
| A. Contact Information and Identifiers. | A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers. |
| B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). | A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, health insurance information, or benefits information. Some personal information included in this category may overlap with other categories. |
| C. Protected classification characteristics under California or federal law. | Age, race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). |
| D. Commercial information. | Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. |
| E. Biometric information. | Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data (Notice provided and written consent obtained as required by law). |
| F. Internet or other similar network usage activity. | Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement. |
| G. Geolocation data. | Precise physical location or movement. Data about a particular individual or device. |
| H. Sensory data. | Audio, electronic, visual, thermal, olfactory, or similar information. |
| I. Professional or employment-related information. | Current or past job history or performance evaluations. |
| J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). | Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. |
| K. Inferences drawn from other personal information. | Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. |
Some of the personal information Aon collects may be considered “sensitive personal information” under certain data protection laws, such as financial or health information collected in connection with benefits enrollment. Aon uses sensitive personal information for specific purposes such as processing transactions or enrolling you in benefits.
Personal information does not include:
- Publicly available information from government records.
- Deidentified or aggregated consumer information.
- Information excluded from the CCPA's scope, like:
  - health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
  - personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994.
Aon obtains each of the categories of personal information listed in the table above from the following categories of sources:
- Directly from you. For example:
  - From forms you complete or products and services you request or purchase;
  - When you register for or attend an Aon site or event;
  - When you apply for a position at Aon;
  - If you contact us with a complaint or query;
  - Information you choose to provide; or
  - When you engage with us online.
- From our clients, business partners, or other third parties. For example:
  - When we provide services for our clients, when personal information is strictly relevant to the services we provide. Our services and products include insurance broking, claims management, risk management consulting, other forms of insurance services (including underwriting of insurance products and reinsurance), employee benefits program administration, and investment advisory services. In these cases, your personal information will be provided to us by our clients, or advisors or service providers acting on behalf of our clients. Sometimes our clients may ask us to contact you directly.
  - From third parties such as insurance companies, insurance brokers or agents, credit organizations, motor vehicle and driver licensing authorities, financial institutions, medical professionals, and publicly available sources.
  - In relation to benefit or compensation programs offered or sponsored by your employer.
- Collected automatically. For example, we and our service providers may:
  - observe your actions on our website;
- Social media. We may collect, receive and retain certain information if you interact with us through social media websites or features. You may also choose to link your account with us to third party social media sites. If you link your account or engage with us on or through third party social media sites or applications, you may allow us to have ongoing access to certain information from your social media account (e.g., name, e-mail address, photo, gender, birthday, the posts or the 'likes' you make).
- Content you post. If you post content to our website, such as reviews, ratings or comments (“User Content”), we maintain a record of such User Content.
- Device you use to connect with us. We may also collect your unique device identifier and mobile device IP address, as well as information about your device's operating system, mobile carrier and your precise geolocation information.
Use of Personal Information
How Aon uses your information depends on how you interact with us and what services you use. For the most part, Aon uses personal information to provide our products and services to you and make them better, to process your transactions, to communicate with you, for security and fraud prevention, and to comply with law. We may also use personal information for other purposes with notice or with your consent.
Generally we use personal information for the following purposes:
- When you request services, we ask that you provide personal information that enables us to respond to your request or inquiry. When you provide personal information to us, we generally use it for the purposes as described in this Notice further below, for example providing an insurance quote, applying for a position with us or creating a profile on our website or application.
- In order to perform our professional consultancy and risk based advisory services. This may impact you, for example, where you are the employee of our client, or the member of a client's pension program. The precise purposes for which your personal information is processed will be determined by the scope and specification of our client engagement, and by applicable laws, regulatory guidance and professional standards.
- To administer our client engagements. We process personal information about our clients and the individual representatives of our corporate clients in order to:
  - carry out "Know Your Client" checks and screening prior to starting a new engagement;
  - carry out client communication, service, billing and administration;
  - deal with client complaints;
  - administer claims.
- To contact our clients in relation to current, future and proposed engagements.
- To send our clients newsletters, know-how, promotional material and other marketing communications.
- To invite our clients to events (and arrange and administer those events).
- To provide, support, personalize, and develop our Website, products, and services.
- To create, maintain, customize, and secure your account with us.
- To process your requests, purchases, transactions, and payments and prevent transactional fraud.
- To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
- To personalize your Website experience and to deliver content and product and service offerings relevant to your interests, including targeted offers and ads through our Website, third-party sites, and via email or text message (with your consent, where required by law).
- To help maintain the safety, security, and integrity of our Website, products and services, databases and other technology assets, and business.
- For testing, research, analysis, and product development, including to develop and improve our Website, products, and services.
- To anonymize and aggregate data sets and reports in order to assess, improve and develop our business, products and services, prepare benchmarking reports and for other research and analytics purposes.
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
- To protect our business operations, secure our network and information technology, assets and services; to prevent and detect fraud, unauthorized activities, unauthorized access and other misconduct; where we believe necessary to investigate, prevent or take action regarding suspected violations of our Aon Legal Notice or this Notice, as well as fraud, illegal activities, cheating, misconduct and other situations involving potential threats to the rights or safety of any person or third party.
- As described to you when collecting your personal information.
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Aon's assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by Aon is among the assets transferred, including any negotiations related to the aforementioned.
Aon will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
Disclosing Personal Information
Aon may disclose your personal information to third parties as set out below.
We share each of the categories of personal information we collect (as stated above) with each of the following categories of parties:
- Within Aon. We may share your personal information with other Aon entities, brands, divisions, and subsidiaries to serve you, including for the activities listed above.
- Third Parties. We may share your personal information with third parties, however, we do not rent, sell or otherwise disclose personal information with unaffiliated third parties for their own direct marketing use.
- Business Partners. We disclose personal information to business partners who provide certain specialized services to us, or who cooperate with us on projects. These business partners operate as separate businesses, and are responsible for their own compliance with data protection laws. You should refer to their privacy notices for more information about their practices. Examples include:
  - Banking and finance products – credit and fraud reporting agencies, debt collection agencies, insurers, reinsurers, and managed fund organizations for financial planning, investment products, and trustee or custodial services in which you invest.
  - Insurance broking and insurance products – insurers, reinsurers, other insurance intermediaries, insurance reference bureaus, medical service providers, fraud detection agencies, our advisers such as loss adjusters, lawyers, accountants, and others involved in the claims handling process.
- Authorized Service Providers. We may disclose your information to service providers we have retained to perform services on our behalf (either in relation to services performed for our clients, or information which we use for our own purposes, such as marketing). Examples include:
  - IT service providers who manage our IT and back office systems and telecommunications networks;
  - Marketing automation providers; and
  - Contact center providers.
- Legal Obligation and Business Transfers. We may disclose personal information (i) if we are required to do so by law, legal process, statute, rule, regulation, or professional standard, or to respond to a subpoena, search warrant, or other legal request, (ii) in response to law enforcement authority or other government official requests, (iii) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss, (iv) in connection with an investigation of suspected or actual illegal activity or (v) in the event that we are subject to a divestiture, merger or acquisition, or in the event of the dissolution of our business. Disclosure may also be required for company audits or to investigate a complaint or security threat.
Disclosures of Personal Information for a Business Purpose
In the preceding twelve (12) months, Company has disclosed the following categories of personal information for a business purpose:
Category A: Identifiers.
Category B: California Customer Records personal information categories.
Category C: Protected classification characteristics under California or federal law.
Category D: Commercial information.
Category E: Biometric information.
Category F: Internet or other similar network activity.
Category G: Geolocation data.
Category H: Professional or employment-related information.
Category I: Non-public education information.
Category J: Inferences drawn from other personal information.
Sales of Personal Information
In the preceding twelve (12) months, Company has sold the following categories of personal information:
Category A: Identifiers and Category F: Internet or other similar network activity.
We sell your personal information to the following categories of third parties:
We may disclose your personal information with the following categories of entities:
- Within Aon: we may share your personal information with other Aon entities, brands, divisions, and subsidiaries for the processing purposes outlined in this Statement;
- Insurance market participants where necessary to offer, administer and manage the services provided to you, such as insurers and insurance underwriters, reinsurers, brokers, intermediaries and loss adjusters. The insurance underwriter is the insurer that is underwriting your insurance policy and is named in your policy documentation. You should refer to the insurer’s privacy statement on their website for further information about their privacy practices;
- Vetting and risk management agencies such as credit reference, criminal record, fraud prevention, data validation and other professional advisory agencies, where necessary to prevent and detect fraud in the insurance industry and take steps to assess the risk in relation to prospective or existing insurance policies and/or the services;
- Legal advisers, loss adjusters, and claims investigators, where necessary to investigate, exercise or defend legal claims, insurance claims or other claims of a similar nature;
- Medical professionals, e.g., where you provide health information in connection with a claim against your insurance policy;
- Law enforcement bodies, when required to do so by law, legal process, statute, rule, regulation, or professional standard, or to respond to a subpoena, search warrant, or other legal request, and where necessary to facilitate the prevention or detection of crime or the apprehension or prosecution of offenders;
- Public authorities, regulators and government bodies, where necessary for us to comply with our legal and regulatory obligations, or in connection with an investigation of suspected or actual illegal activity;
- Service providers, such as our vendors, contractors, business and service partners, or other third parties. Examples of Service Providers include analysis firms, advertisers, payment processing companies, customer service and support providers, email, IT services and SMS vendors, web hosting and development companies and fulfillment companies. Aon’s practice is to require its service providers to keep your personal information confidential and to use personal information only to perform functions for Aon.
- In connection with a merger, acquisition, or business transfer, where Aon or the services are sold to, acquired by or merged with another organization, in whole or in part, and personal information needs to be shared with relevant third parties as part of due diligence processes and transfers to the new entity. Where personal information is shared in these circumstances it will be shared in accordance with this Statement; and
- Internal and external professional consultants such as accountants, legal advisors, and auditors, and where necessary for the conduct of company audits or to investigate a complaint or security threat.
- Collaborators, such as our partners or other organizations with which we jointly develop and/or promote our Services.
We will keep your personal information for as long as we have an ongoing legitimate business need to do so. This includes providing you with a service you have requested from us or to comply with applicable legal requirements. It also includes keeping your personal information for so long as there is any possibility that you or we may wish to bring a legal claim, or where we are required to keep your personal information for legal or regulatory reasons. If you wish to receive further information regarding our record retention procedures, please contact us using the contact details provided under the “How Can I Contact Aon?” section below.
We may also retain your personal information where such retention is necessary in order to protect your vital interests or the vital interests of another natural person.
Your Rights and Choices
The CCPA provides consumers (California residents) with specific rights regarding their personal information and imposes restrictions on particular business practices as set forth below, and prohibits us from discriminating against individuals for exercising their privacy rights under the law. If you are a California resident, this section describes your CCPA rights and explains how to exercise those rights.
Verifiable Requests to Delete, Correct and to Know. Subject to certain exceptions, consumers have the right to make the following requests, at no charge:
Request to Know
California residents have the right to request and, subject to certain exemptions, receive a copy of the specific pieces of personal information that we have collected about them in the prior 12 months and to have this delivered, free of charge, either (a) by mail or (b) electronically in a portable and, to the extent technically feasible, readily useable format that allows the individual to transmit this information to another entity without hindrance. California residents also have the right to request that we provide them certain information about how we have handled their personal information in the prior 12 months, including the:
- categories of personal information collected;
- categories of sources of personal information;
- business and/or commercial purposes for collecting and selling their personal information;
- categories of third parties with whom we have disclosed or shared their personal information;
- categories of personal information that we have disclosed or shared with a third party for a business purpose;
- categories of personal information collected; and
- categories of third parties to whom the residents’ personal information has been sold and the specific categories of personal information sold to each category of third party.
California residents may make Requests to Know up to twice every 12 months.
Deletion Request Rights
You have the right to request that Aon delete your personal information that we collected from you, subject to certain exceptions as set out by law. Once we receive and verify your consumer request (see Submitting a Verifiable Request), we will delete your personal information from our records, unless an exception applies.
You have the right to request us to correct your personal information where it is inaccurate or out of date. Once we receive and verify your consumer request (see Submitting a Verifiable Request), we will endeavor to correct your personal information from our records.
Right to Opt-Out of the Sale or Sharing of your Personal Information
You have the right to direct us to not sell your personal information at any time (the "right to opt-out" of sales). The CCPA defines a “sale” as disclosing or making available to a third party personal information in exchange for monetary or other valuable consideration. While we do not disclose personal information to third parties in exchange for monetary compensation, we do disclose or make available personal information to third parties in order to receive certain services or benefits from them. Opt-out rights can be exercised by going to our Cookie Notice. We do not sell personal information about California residents who we know are younger than 16 years old without opt-in consent. The personal information disclosed may fall into the following category: Identifiers and Internet and other Similar Network Activity.
You also have the right to opt-out of information Aon shares for cross-context behavioral advertising purposes. To exercise the right to opt-out of “Selling” or “Sharing”, you may indicate your cookie preferences by visiting the following Internet Web page link: "Do Not Sell or Share My Personal Information" or you may configure your browser to send the Global Privacy Control (“GPC”) signal, which will transmit your opt-out request to Aon automatically.
To turn on the GPC signal, you can download one of the supported browsers or extensions. You may visit https://globalprivacycontrol.org/#download for a list of the available browsers or extensions.
We will not discriminate against you and will not restrict or deny you access to our services because of choices and requests you make in connection with your personal information. Please note, certain choices may affect our ability to deliver our Services. For example, if you sign up to receive marketing communications by email, then ask us to delete all of your information, we will be unable to send you marketing communications. Unless permitted by the CCPA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
Submitting a Verifiable Request
To submit a verifiable Delete, Copy or Right to Know request, please email us at email@example.com, or call +1.877.384.4276 (toll free).
Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. If you are an authorized agent making a request, we may require and request additional information to protect the personal information entrusted to us, including information to verify that you are authorized to make that request.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. We may also be unable to comply with your request if we have a legal or regulatory obligation to keep your personal information, such as when the information is necessary to complete a transaction. Other reasons your request may be denied are if it jeopardizes the privacy of others, or would be extremely impractical to honor.
Making a verifiable consumer request does not require you to create an account with us. However, we do consider requests made through your password protected account sufficiently verified when the request relates to personal information associated with that specific account.
We will only use personal information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.
Changes to Our Privacy Notice
Aon reserves the right to amend this Notice at our discretion and at any time. When we make changes to this Notice, we will post the updated Notice on the Website and update the Notice's effective date. If the changes materially affect you, we will attempt to notify you in advance of such change, such as via a notice on our Site and via email to the email address we have on file for you. Your continued use of our Website following the posting of changes constitutes your acceptance of such changes.
If you have any questions about this Notice, the ways in which Aon collects and uses your personal information, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:
- Calling us at +1.877.384.4276 (toll free)
- Contacting us at firstname.lastname@example.org.
Attn: Global Privacy Office
200 E. Randolph Street
Chicago, IL 60601