Privacy Notice for US Locations with Applicable Privacy Laws

Aon plc. (“Aon”) is a leading global professional services firm providing a broad range of risk, retirement and health solutions. Aon is committed to protecting your privacy. This commitment reflects the value we place on earning and keeping the trust of our customers, business partners, and others who share their personal information with us.

What Does This Privacy Notice Do?

This Privacy Notice (“Notice”) explains Aon’s information processing practices. It applies to any personal information we process, including when you provide it directly to us, interact with us online, or otherwise engage with us. This Notice does not apply to your use of a third-party site linked to this website.

This Notice aims to help you understand our personal data collection, usage and disclosure practices by explaining:

Who is responsible for your information?
How do we collect your information?
What personal information do we collect?
How do we use your personal information?
How do we disclose your personal information?
Do we collect information from children?
How long do we retain your personal information?
Do we have security measures in place to protect your information?
Other rights regarding your data
Automated Decisions
Cookies
Marketing
Third Party Sites
Contact Us
Changes to this Notice
Location specific information

Who is responsible for your information?

Throughout this Notice, Aon refers to Aon Plc., including its affiliated companies and subsidiaries (also referred to as “we”, “us”, or “our”). A full list of our group entities is available here.

How do we collect your information?

The personal information we collect depends upon how you interact with us and the nature of our services. This Notice provides an overview of the categories of personal information we collect, both online and offline. We may collect your information in the following ways:

Directly from you. We may collect personal information directly from you when you request our services, register with or use any of our websites or applications, when you submit an application to Aon, or when you contact us with a complaint or inquiry. This may include, but is not limited to, contact information, demographic information, and details about the specific service you are requesting. You are required to provide any personal information we reasonably require (in a form acceptable to us) to meet our obligations in connection with the services we provide to you, including any legal and regulatory obligations. Where you fail to provide or delay in providing information we reasonably require to fulfill these obligations, we may be unable to offer the services to you and/or we may terminate the services provided with immediate effect. Where you provide personal information to Aon about third-party individuals (e.g., information about your spouse, civil partner, child(ren), dependents or emergency contacts), where appropriate, you should provide these individuals with a copy of this Statement beforehand or ensure they are otherwise made aware of how their information will be used by Aon. Where you provide information to us about your beneficiaries we may require you to provide explicit consent on their behalf.
Information we automatically collect. In some instances, we automatically collect certain types of information about you and your device when you visit our websites and through e-mails that we may exchange. Automated technologies may include the use of web server logs to collect IP addresses, "cookies" and web beacons. Further information about our use of cookies can be found in our Cookie Notice and Cookie Preference Center at the footer of our page (where applicable).
Information we collect from clients or third parties. When we provide the services to our clients, we may collect personal information from our clients about you, such as your name, contact details, date of birth, gender, marital status, financial details, employment details, and benefit coverage. We may also collect data from public sources including, but not limited to, social media and other websites that enable social sharing, from government agencies, public or third-party information sources, third-party service providers, or business partners.

What personal information do we collect?

Aon may collect the following types of personal information:

Contact information, such as your name, address, phone number, email address, and mailing address
Information we automatically collect. such as your date of birth, gender, race, marital status, and lifestyle information
Employment and education-related information, such as your employment status, job title, salary information, benefits information, and information about education-related history or background
Purchase history and tendencies, such as commercial information including records of personal property, products or services purchased, obtained, or considered
Health information, such as information about your health status, medical records, and medical assessment outcomes
Claims data, such as information about any claims concerning your insurance policy
Financial details, such as payment card and bank account details, details of your credit history and bankruptcy status, salary, tax code, third party deductions, bonus payments, benefits and entitlement data, national insurance contributions details
Social media interactions, such as likes and posts and other interactions with our social media profiles
Information related to your insurance requests, such as information about your upcoming travel, wedding or other event, family (including pets), and other details related to services you request from us
Internet activity, such as your Internet Protocol (“IP” address, browser and search history, device information, and information about your visits to our websites
Criminal records information, such as the existence of or alleged criminal offences, or confirmation of clean criminal records
Account information, such as any username, email, and password used in connection with establishing an account with us
Inferences drawn from any of the personal information described above to create a profile about an individual’s preferences, behavior, characteristics, and attitudes

Some of the personal information Aon collects may be considered “sensitive personal information” under certain data protection laws, such as financial or health information. Aon uses sensitive personal information for specific purposes such as processing transactions or providing you with the product you requested from us. Where required, Aon will obtain your consent when processing your sensitive personal information unless otherwise permitted by law. Please note, if you do not consent, Aon may not be able to provide you with the specific product or service you request.

Well One users: Under some circumstances, you may also have the right to limit how Aon uses your sensitive personal information. To learn more about how to do so,

hover here

Users are able to delete their accounts on Well One themselves. After clicking on the Delete Your Account button, the user will be asked to enter password in order to confirm the deletion of the account and to avoid accidental deletions. If an account is deleted, it remains on a “deactivated” status for a 30-day period. During this period, the platform provider or the customer is able reactivate the account again. Users will not be able to reactivate their own account and must request customers or platform providers to do so on their behalf. Once the 30-day period is over all data is permanently deleted.

How do we use your personal information?

How Aon uses personal information depends upon how you interact with us and which services you use. For the most part, Aon uses personal information to provide our products and services to you, to make them better, process transactions, communicate with you, security and fraud prevention, and to comply with law.

Generally, we use personal information for the following purposes:

Performing services for you and our clients. We process personal information which our clients provide to us in order to perform our professional risk based advisory services. The precise purposes for which your personal information is processed will be determined by the scope and specification of our client engagement, and by applicable laws, regulatory guidance and professional standards.
Communications and marketing to our clients and prospective clients. We process personal information about our clients, prospective clients, and the individual representatives of our corporate clients to: send newsletters, know-how, promotional material and other marketing communications; and invite our clients to events, including arranging and administering those events.
Conducting data analytics, benchmarking and modeling. Aon is an innovative business, which relies on developing sophisticated products and services by drawing on our experience from prior engagements to analyze trends. Aon also uses data to perform analysis, modeling, benchmarking and research.
Crime prevention. We process personal information to facilitate the prevention, detection and investigation of crime and the apprehension or prosecution of offenders and to comply with laws/regulations. For example, we do this as part of our business acceptance, finance, administration and recruitment processes, including anti-money laundering and sanctions screening checks.
Mergers and acquisitions. We process personal information in the event of a sale, acquisition or reorganization. This includes processing personal information for planning and due diligence purposes both prior to closing and after a transaction has closed for reasons related to the sale, acquisition, or reorganization and in order to transfer books of business to successors of the business.
Process and service improvement. We process personal data to maintain and improve processes used in providing the services and uses of technology, including testing and upgrading of systems. We also process data to develop new services.
Comply with law. We process personal information about our clients and the individual representatives of our corporate clients to comply with our legal and regulatory obligations. This may include conducting “Know Your Customer” checks and screening, anti-money laundering compliance, trade sanctions screening, and defending ourselves in litigation and investigations and to prosecute litigations.

We may use personal information collected from any of the sources listed above for our internal business purposes, such as data analysis, audits, developing new products, enhancing our Services, identifying usage trends and determining the effectiveness of our promotional campaigns. We may also use inferences drawn from personal information to create a profile reflecting your preferences.

We may aggregate, anonymize and/or de-identify data we collect about customers and site visitors and use it for any purpose, including product and service development and improvement activities.

How do we disclose your personal information?

We generally disclose your personal information with the following categories of recipients where necessary to offer, administer and manage the services provided to you.

Within Aon, where we may disclose your personal information to other Aon entities, brands, divisions, and subsidiaries to serve you, including for the activities listed above in this Notice
Business partners, including entities who provide certain specialized services to us, or who co-operate with us on projects
Vetting and risk management agencies such as credit reference, criminal record, fraud prevention, data validation and other professional advisory agencies, where necessary to prevent and detect fraud in the insurance industry and take steps to assess the risk in relation to prospective or existing insurance policies and/or the services
Legal advisers, loss adjusters, and claims investigators, where necessary to investigate, exercise or defend legal claims, insurance claims or other claims of a similar nature
Medical professionals, e.g., where you provide health information in connection with a claim against your insurance policy
Law enforcement bodies, when required to do so by law, legal process, statute, rule, regulation, or professional standard, or to respond to a subpoena, search warrant, or other legal request, and where necessary to facilitate the prevention or detection of crime or the apprehension or prosecution of offenders
Service providers, such as our vendors, contractors, business and service partners, or other third parties. Examples of Service Providers include analysis firms, advertisers, payment processing companies, customer service and support providers, email, IT services and SMS vendors, web hosting and development companies and fulfillment companies. Aon’s practice is to require its service providers to keep your personal information confidential and to use personal information only to perform functions for Aon
In connection with a merger, acquisition, or business transfer, where Aon or the services are sold to, acquired by or merged with another organization, in whole or in part, and personal information needs to be shared with relevant third parties as part of due diligence processes and transfers to the new entity. Where personal information is shared in these circumstances it will shared in accordance with this Statement

We may allow certain companies to place tracking technologies like cookies on our websites. Those companies receive information about your interaction with our websites that is associated with your browser or device and may use that data to serve you relevant ads on our websites or others. Except for this kind of disclosure, we do not sell any of your information to third parties. For more information please see our Cookie Policy.

At Aon’s discretion, it may also disclose aggregated, anonymized or de-identified information that is not personally identifiable to third parties.

Do we collect information from children?

We do not directly provide any services to children under 16 years of age and children are prohibited from using our websites. Certain Aon solution lines may process data related to children, such as their date of birth, address, and other identifiable information. This information is not collected directly from children, but from other parties such as from our client, the carrier, or directly from you as the parent or guardian of the child (e.g., so that the child may be named a beneficiary to an insurance policy).

How long do we retain personal information?

We will keep your personal information for as long as we have an ongoing legitimate business need to do so. This includes providing you with a service you have requested from us or to comply with applicable legal requirements. It also includes keeping your personal information for so long as there is any possibility that you or we may wish to bring a legal claim, or where we are required to keep your personal information for legal or regulatory reasons. If you wish to receive further information regarding our record retention procedures, please contact us using the contact details provided under the “How Can I Contact Aon?” section below.

We may also retain your personal information where such retention is necessary in order to protect your vital interests or the vital interests of another natural person.

Do we have security measures in place to protect your information?

The security of your personal information is important to us and Aon has implemented reasonable physical, technical and administrative security standards in an effort to protect personal information from loss, unauthorized access, misuse, alteration or destruction and to ensure that such information is processed in accordance with applicable data privacy laws. However, the confidentiality of information transmitted over the Internet cannot be guaranteed. We urge you to exercise caution when transmitting personal information over the Internet, especially personal information related to your health and finances.

Our service providers and agents are contractually bound to maintain the confidentiality of personal information and may not use the information for any unauthorized purpose.

Other rights regarding your data

Subject to certain exemptions and the jurisdiction in which you live, and in some cases dependent upon the processing activity we are undertaking, you may have certain rights in relation to your personal information. We have listed some of the common rights that may be applicable below. When you exercise these rights, we may need to ask you for additional information to confirm your identity, before disclosing information to you or responding to your request. We will not charge a fee unless your request is manifestly unfounded or excessive and/or we are permitted by law to levy such charges.

You can exercise your rights by contacting us. Subject to legal and other permissible considerations, we will make every reasonable effort to honor your request promptly or inform you if we require further information in order to fulfill your request. We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way. If we cannot fully address your request, we will contact you to let you know and explain the reason why your request was denied.

Right to Know and Access. You have the right to access or the rights to know under certain circumstances the personal information which Aon processes about you. You also have the right to know what information, if any, Aon discloses to third parties and the identities of those third parties.
Right to Correction. You may have the right to request us to correct your personal information where it is inaccurate or out of date.
Right to Deletion. You have the right under certain circumstances to have your personal information erased. Your information can only be erased if your data is no longer necessary for the purpose for which it was collected, and we have no other legal ground for processing the data.
Right to Object to Targeted Advertising. Where your personal information is processed for direct or targeted marketing purposes, you shall have the right to object at any time to processing of personal information. We will provide specific information on how to opt-out from our marketing initiatives through the medium we communicate with you.
Right to Opt-Out of Sale. You may have the right to opt-out of information Aon shares for cross-context behavioral advertising purposes. To opt-out of Aon sharing your information for cross-context behavioral advertising, please visit the “Global Privacy Control (GPC) Signal” section below or click here.
Right to Opt-Out of or Limit Use of Sensitive Personal Information. You may have the right to limit how Aon uses sensitive personal information for certain purposes. To learn more about this right, click here.
Right to Restrict Processing. You may have the right under certain circumstances to request the restriction of your personal information from further use, e.g., where the accuracy of the information is disputed, and you request that the information not be used until its accuracy is confirmed.
Right to Data Portability. You have the right under certain circumstances to data portability, which requires us to provide personal information to you or another controller in a commonly used, machine readable format, but only where the processing of that information is based on (i) consent; or (ii) the performance of a contract to which you are a party.
Right to Object to Processing. You have the right to object the processing of your personal information at any time, but only where that processing is based our legitimate interests as its legal basis. If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.
Right to Decline Automated Decision Making. You have the right to object to decisions involving the use of your personal information, which have been taken solely by automated means.

To help protect the security of your personal information, Aon will verify your identity in connection with any requests. We take steps to ensure that only you or your authorized representative can exercise rights with respect to your information. If you are an authorized agent making a request, we may require and request additional information to protect the personal information entrusted to us, including information to verify that you are authorized to make that request.

There may be situations where we cannot grant your request. For example, if you make a request and we cannot verify your identity, we will not be able to comply with the request. We may also be unable to comply with your request if we have a legal or regulatory obligation to keep your personal information, such as when the information is necessary to complete a transaction. Other reasons your request may be denied are if it jeopardizes the privacy of others or would be extremely impractical to honor.

We will not discriminate against you and will not restrict or deny you access to our Services because of choices and requests you make in connection with your personal information. Please note, certain choices may affect our ability to deliver our Services. For example, if you sign up to receive marketing communications by email, then us to delete all of your information, we will be unable to send you marketing communications.

You may exercise any of your rights in relation to your personal information by contacting us using the details provided under the Contact Ussection below.

Global Privacy Control (GPC) Signal

You have the right to opt out of the use of your personal information for targeted advertising purposes. To communicate your desire to opt-out, you may configure your browser to send the Global Privacy Control (“GPC”) signal, which will transmit your opt-out request to Aon automatically.

To turn on the GPC signal, you can download one of the supported browsers or extensions. You may visit https://globalprivacycontrol.org/#download for a list of the available browsers or extensions.

Automated Decisions

Where you apply or register to receive the service we may carry out a real-time automated assessment to determine whether you are eligible to receive the service. An automated assessment is an assessment carried out automatically using technological means (e.g., computer systems) without human involvement. This assessment will analyze your personal information and comprise several checks, e.g., credit history and bankruptcy check, validation of your driver’s license, validation of your previous claims history and other fraud prevention checks. Where your application to receive the service does not appear to meet the eligible criteria, it may be automatically refused, and you will receive notification of this during the application process. However, where a decision is taken solely by automated means involving the use of your personal information, you have the right to challenge the decision and ask us to reconsider the matter, with human intervention. If you wish to exercise this right, you should contact us.

Cookies

Aon’s online services, interactive applications, and advertisements may use cookies and other technologies such as web beacons. We use this information to better understand, customize and improve user experience with our websites, services and offerings as well as to manage our advertising. This information can make your use of our Aon Services easier and more meaningful by allowing Aon and our service providers to provide better service, customize sites based on consumer preferences, compile statistics, provide you with more relevant advertisements based on your interests, analyze trends and otherwise administer and improve our products and services. If we have collected your personal information, we may associate this personal information with information gathered through these tools. For more information please visit our Cookies Notice and through our Cookie Preference Center, which can be found by selecting the "Do Not Sell or Share My Personal Information" link at the footer of the applicable Aon Privacy Notice.

Third Party Sites

We may provide links to websites and other third-party content that is not owned or operated by Aon. The websites and third-party content to which we link may have separate privacy notices or policies. Aon is not responsible for the privacy practices of these websites.

If you provide any personal information through a third-party site, your interaction and your personal information will be collected by, and controlled by the privacy policy of, that third-party site. We recommend that you familiarize yourself with the privacy policies and practices of any such third parties, which are not governed by this Privacy Statement.

Contact Us

If you have any questions, would like further information about our privacy and information handling practices, would like to discuss opt-outs or withdrawing consent, or would like to make a complaint about this Notice, please contact Aon’s Global Privacy Office, Aon plc, 200 E. Randolph, Chicago, Illinois 60601 or [email protected].

You also have a right to lodge a complaint with your local data protection supervisory authority,

Changes to this Notice

We may update this Notice from time to time. When we do, we will post the current version on this site, and we will revise the version date located at the bottom of this page.

We encourage you to periodically review this Notice so that you will be aware of our privacy practices.

This Statement was last updated on December 8, 2023

Location Specific Information

Below are the categories of Personal Information that Aon collected and disclosed for a business purpose or shared with third parties in the past twelve (12) months.

*Categories of Personal Information We May Collect, Disclose, or Share*	*Purposes for Collection / Use*	*Applicable Users*	*Categories of Third Parties to Whom PI may be Disclosed or Shared*
Name, contact details, and other demographic information (e.g., name, email address, mailing address, phone number)	Provide you with our services, process transactions, and communicate with you	Accountholders/policy holders or applicants	Aon family of companies, service providers, collaborators, government/law enforcement where necessary
Account information (e.g., username, email, and password on your Aon account)	Provide you with our services, process transactions, and communicate with you	Accountholders/policy holders or applicants	Aon family of companies, service providers, collaborators
Financial and payment information (e.g., information used to complete a transaction)	Provide you with our services and process transactions	Accountholders/policy holders or applicants	Aon family of companies, service providers, collaborators
Sensitive Personal Information including certain financial information (e.g., financial information related to enrolling you in our Services)	Provide you with our services and comply with law	Accountholders/policy holders or applicants	Aon family of companies, service providers, collaborators, government/law enforcement where necessary
Usage Data / Internet Activity (e.g., IP address, browsing and search history)	Provide you with our services, conduct research, and to prevent fraud	website visitors	Aon family of companies, service providers, collaborators
Employment and educational information (e.g., job title and salary, participation information)	Provide you with our services	Accountholders/policy holders or applicants	Aon family of companies, service providers, collaborators
Insurance information (e.g., information related to products and services you request from us, claims data, purchase history)	Provide you with our services	Accountholders/policy holders or applicants	Aon family of companies, service providers, collaborators
Inferences (e.g., inferences drawn from any of the information identified above to make a profile of a resident, including preferences, behavior, characteristics, and attitudes)	Provide you with our services, and conduct product-improvement research	Accountholders/policy holders or applicants, website visitors	Aon family of companies, service providers, collaborators