Aon Data Protection Statement
Aon Solutions Ltd is a subsidiary of Aon plc (NYSE:Aon), one of the
leading global professional services firms providing a broad range of risk,
retirement and health solutions. Aon is committed to protecting your data. This
commitment reflects the value we place on earning and keeping the trust of our
customers, business partners, and others who share their personal information
with us.
What does this Data Protection Statement do?
This Data Protection Statement
("Statement") explains Aon’s information processing practices.
It applies to any personal information you provide to Aon and any personal
information we collect from other sources. This Statement is a statement of our
practices and of your rights regarding your personal information.
This is not a contractual document, and it does not create any rights or
obligations on either party, beyond those which already exist under data
protection laws.
This Statement does not apply to your use of a third party
site linked to this website.
Who is responsible for your information?
Throughout this Statement, "Aon" refers to Aon Solutions Ltd (also
referred to as "we", "us", or "our"). Aon is responsible for the personal
information that it originally collects from or about you (and is the
controller of that information for the purposes of data protection laws). This
may also be explained in separate data protection notices made available when
your personal information is first collected by Aon, for example where you or
the business you work for engages us to provide a service.
Some of the services which Aon provides to its clients are provided as
a processor, which means that the client remains primarily responsible for this
information. In these circumstances, we may re-direct a query about our
use of your information to our client.
Quick read
Aon collects personal information from its clients (about their employees and
customers) to provide risk based services, such as insurance broking, risk
management consulting, employee benefits and pension administration. Aon also
collects some personal information directly.
Aon uses personal information to deliver services to clients. For its own
purposes, it also uses personal information to analyse and improve how it
delivers those services, to contact representatives of its clients or
prospective clients and to market to them.
If Aon uses your personal information, you will have certain important rights
which you can exercise. The rights you will be able to exercise will depend on
how and why Aon uses your information.
The primary point of contact at Aon for questions regarding your personal
information is Aon Solutions Ltd, 1st Floor The Pod, Vivéa Business Park, Moka
81406, Mauritius or privacy@aonhewitt.mu.
When and how do we collect your information?
Aon collects personal information in the following ways:
· When we perform services for our clients. Our services and products include
insurance broking, risk management consulting, actuarial consultancy services,
HR consulting, pension fund secretarial services, pension fund administration
and investment consultancy services. In these cases, your personal information
will normally be provided to us by our clients
(or advisors or service providers acting on behalf of our clients), or sometimes
our clients may ask us to contact you directly. We may also need to obtain
information from third parties such as insurance companies, insurance brokers or
agents, motor vehicle authorities, financial institutions, medical professionals
and publicly available sources.
· When you request a service from
us. For example, if you ask us to obtain insurance quotes on your behalf, or if
you contact us as a representative of your employer to enquire about a
professional service you would like us to offer to your company.
· When you attend an Aon site or
event. You may provide this information directly, or it may be provided by your
employer or colleagues.
· When you apply for a position at
Aon. You may provide this information directly (via correspondence), or it may
be provided via an agency.
· If you contact us with a
complaint or query.
What information do we collect?
Information you provide to us
When you request services, we ask that you provide accurate and
necessary information that enables us to respond to your request. When a visitor
provides personal information to us, we use it for the purposes for which it was
provided to us as stated at the point of collection or as obvious from the
context of collection, for example providing an insurance quote or applying for
a position at Aon.
Information we collect from clients or third parties
When we provide the services listed above for our clients, we may
collect personal information such as your name, contact details, date of birth,
gender, marital status, financial details, employment details, and benefit
coverage. We may also collect (in each case as strictly relevant to the services
we provide) sensitive information about you, such as criminal convictions or
health information in relation to life, health, professional liability and
workers compensation insurance or employee benefit programs sponsored by your
employer. Most of the personal information we receive relates to your
participation in the compensation and benefits programs offered by your
employer.
More information about the personal information collected for each of
our services, together with the purpose and legal basis for collecting the
information, will be provided to you in separate data protection notices which
are relevant to the services which affect you.
We will not collect any sensitive information through our website.
Sensitive information includes a number of types of data relating to: race or
ethnic origin; political opinions; religious or other similar beliefs; trade
union membership; physical or mental health; sexual life or criminal record.
We suggest that you do not provide sensitive information of this nature unless
we specifically request this information.
If you provide us with sensitive personal information, you understand
and give your explicit consent that we may collect, use and disclose this
information to appropriate third parties for the purposes described in this
Statement. If you provide personal information about other individuals such as
employees or dependents, you must obtain their consent prior to your disclosure
to us.
How do we use your personal information?
The following is a summary of the purposes for which we use personal
information. More information about the personal information collected for
each of our services, together with the purpose and legal basis for collecting
the information, will be provided to you in separate data protection notices
which are relevant to the services which affect you.
Performing services for our clients
We process personal information which our clients provide to us in
order to perform our professional consultancy and risk based advisory services.
This may impact you, for example, where you are the employee of our client, or
the member of a client's pension scheme. The precise purposes for which
your personal information is processed will be determined by the scope and
specification of our client engagement, and by applicable laws, regulatory
guidance and professional standards. It is the obligation of our client to
ensure that you understand that your personal information will be disclosed to
Aon (or to service providers such as Aon).
Administering our client engagements
We process personal information about our clients and the individual
representatives of our corporate clients in order to:
· carry out "Know
Your Client" checks and screening prior to starting a new engagement;
· carry out client
communication, service, billing and administration;
· deal with client
complaints;
· administer claims.
Contacting and marketing to our clients and prospective clients
We process personal information about our clients and the individual
representatives of our corporate clients in order to:
· contact our clients in
relation to current, future and proposed engagements;
· send our clients
newsletters, know-how, promotional material and other marketing communications;
· invite our clients
to events (and arrange and administer those events).
Legal basis
All processing (i.e. use) of your personal information is justified by
a "lawful basis" for processing. In the majority of cases,
processing will be justified on the basis that:
- the processing is necessary for the performance of a
contract to which you are a party, or to take steps (at your
request) to enter into a contract (e.g. where we help an
employer to fulfil an obligation to you under an employment
contract in relation to the delivery of employee benefits);
- the processing is necessary for us to comply with a
relevant legal obligation (e.g. where we are required to collect
certain information about our clients for tax or accounting
purposes, or where we are required to make disclosures to courts
or regulators); or
- the processing is in our legitimate commercial
interests, subject to your interests and fundamental rights
(e.g. where we use personal information provided to us by our
clients to deliver our services, and that processing is not
necessary in relation to a contract to which you are a party).
In limited circumstances, we will use your consent as the basis for
processing your personal information, for example, where we are required to
obtain your prior consent in order to send you marketing communications.
Before collecting and/or using any special categories of data, or
criminal record data, we will establish a lawful exemption which will allow us
to use that information. This exemption will typically be:
· your explicit
consent;
· the establishment,
exercise or defense by us or third parties of legal claims; or
· a context specific
exemption provided for under local laws of Mauritius, such as medical diagnosis.
Do we collect information from children?
Our websites are not directed to children and we do not knowingly
collect personal information from children on our websites.
How long do we retain your personal information?
How long we retain your personal information depends on the purpose for
which it was obtained and its nature. We will keep your personal information for
the period necessary to fulfil the purposes described in this Statement unless a
longer retention period is permitted by law, in accordance with the Aon Record
Retention Policy.
In specific circumstances we may store your personal
information for longer periods of time so that we have an accurate record of
your dealings with us in the event of any complaints or challenges, or if we
reasonably believe there is a prospect of litigation relating to your personal
information or dealings.
Do we disclose your personal information?
Within Aon
We may share your personal information with other Aon entities, brands,
divisions, and subsidiaries to serve you, including for the activities listed
above.
We do not rent, sell or otherwise disclose personal information about
our online visitors to unaffiliated third parties for their own marketing use.
We do not share your personal information with third parties except in the
circumstances discussed below.
Business Partners
We disclose personal information to business partners who provide
certain specialized services to us, or who co-operate with us on projects.
These business partners operate as separate controllers, and are responsible for
their own compliance with data protection laws. You should refer to their
data protection notices for more information about their practices.
An example would be insurance broking and insurance products -
insurers, reinsurers, other insurance intermediaries, medical service providers,
fraud detection agencies, our advisers such as loss adjusters, lawyers and
accountants and others involved in the claims handling process.
Authorized Service Providers
We may disclose your information to service providers we have retained
(as processors) to perform services on our behalf (either in relation to
services performed for our clients, or information which Aon uses for its own
purposes, such as marketing). These service providers are contractually
restricted from using or disclosing the information except as necessary to
perform services on our behalf or to comply with legal requirements. These
activities could include any of the processing activities that we carry out as
described in the above section, ‘How we use your personal information.’
An example would be IT service providers who manage our IT and back
office systems and telecommunications networks.
These third parties appropriately safeguard your data, and their
activities are limited to the purposes for which your data was provided.
Legal Requirements and Business Transfers
We may disclose personal information (i) if we are required to do so by
law, legal process, statute, rule, regulation, or professional standard, or to
respond to a subpoena, search warrant, or other legal request, (ii) in response
to law enforcement authority or other government official requests, (iii) when
we believe disclosure is necessary or appropriate to prevent physical harm or
financial loss, (iv) in connection with an investigation of suspected or actual
illegal activity or (v) in the event that Aon is subject to a merger or
acquisition, to the new owner of the business. Disclosure may also be required
for company audits or to investigate a complaint or security threat.
Do we transfer your personal information across geographies?
We form part of a global organization and may transfer certain personal
information across geographical borders to Aon entities, authorized service
providers or business partners in other countries working on our behalf in
accordance with applicable law. Our affiliates and third parties may be based
locally or they may be overseas, some of which may not have an adequate level of
data protection.
When we do, we use a variety of legal mechanisms to help ensure your
rights and protections travel with your data:
· we ensure
transfers within Aon are covered by agreements based on the EU Commission's
standard contractual clauses, which contractually oblige each member to ensure
that personal information receives an adequate and consistent level of
protection wherever it resides within Aon;
- where we transfer your personal information outside
Aon or to third parties who help provide our products and
services, we obtain contractual commitments from them to protect
your personal information. Some of these assurances are well
recognized certification schemes like the EU - US Privacy Shield
for the protection of personal information transferred from
within the EU to the United States, or the standard contractual
clauses; or
· we have provided to the Data Protection Commissioner proof of
appropriate safeguards with respect to the protection of personal data when
transferring to another country.
- where we receive requests for information from law
enforcement or regulators, we carefully validate these requests
before any personal information is disclosed.
Examples of countries we transfer personal information to include, but
are not limited to, the United States of America, the United Kingdom, Ireland,
Poland and African countries.
If you would like further information about whether your information
will be disclosed to overseas recipients, please contact us as noted below. You
also have a right to contact us for more information about the safeguards we
have put in place (including a copy of relevant contractual commitments, which
may be redacted for reasons of commercial confidentiality) to ensure the
adequate protection of your personal information when this is transferred as
mentioned above.
Do we have security measures in place to protect your information?
The security of your personal information is important to us and Aon
has implemented reasonable physical, technical and administrative security
standards to protect personal information from loss, misuse, alteration or
destruction. We protect your personal information against unauthorized access,
use or disclosure, using security technologies and procedures, such as
encryption and limited access. Only authorized individuals access your personal
information, and they receive training about the importance of protecting
personal information.
Our service providers and agents are contractually bound to maintain
the confidentiality of personal information and may not use the information for
any unauthorized purpose.
What choices do you have about your personal information?
We offer certain choices about how we communicate with our customers
and what personal information we obtain about them and share with others. When
you provide us with personal details, if we intend to use those details for
marketing purposes, we will provide you with the option of whether you wish to
receive promotional email from us. At any time, you may opt out from receiving
interest-based advertising from us by contacting us.
You may also choose not to receive marketing communications from us by
contacting us as noted below.
How can you update your communication preferences?
We take reasonable steps to provide you with communication about your
information. You can update your communication preferences in the following
ways.
Newsletters
If you request electronic communications, such as an e-newsletter, you
will be able to unsubscribe at any time by following the instructions included
in the communication.
Email
Contact us by e-mail or postal address as noted below. Please include
your current contact information, the information you are interested in
accessing and your requested changes.
If we do not provide you with access, we will provide you with the
reason for refusal and inform you of any exceptions relied upon.
Other rights regarding your data
Subject to certain exemptions, and in some cases dependent
upon the processing activity we are undertaking, you have certain rights in
relation to your personal information.
We may ask you for additional information to confirm your
identity and for security purposes, before disclosing the personal
information requested to you. We reserve the right to
charge a fee where permitted by law, for instance if your request is manifestly
unfounded or excessive.
You can exercise your rights by contacting us.
Subject to legal and other permissible considerations,
we will make every reasonable effort to honour your request promptly or inform
you if we require further information in order to fulfil your request.
We may not always be able to fully address your request, for example
if it would impact the duty of confidentiality we owe to others, or if we are
legally entitled to deal with the request in a different way.
Right to Access
You have a right to access personal information which Aon holds about
you. If you have created a profile, you can access that information by
visiting your account.
Right to Rectification
You have a right to request us to correct your personal information
where it is inaccurate or out of date.
Right to be Forgotten (Right to Erasure)
You have the right under certain circumstances to have your personal
information erased. Your information can only be erased if your data is no
longer necessary for the purpose for which it was collected, and we have no
other legal ground for processing the data.
Right to Restrict Processing
You have the right to restrict the processing of your personal
information, but only where:
· it is no longer needed for the purposes for which it was collected, but we
still need it to establish, exercise or defend legal claims; or
· you have exercised the right to object, and verification of overriding
grounds is pending.
Right to Data Portability
You have the right to data portability, which requires us to provide
personal information to you or another controller in a commonly used, machine
readable format, but only where the processing of that information is based on (i)
consent; or (ii) the performance of a contract to which you are a party.
Right to Object to Processing
You have the right to object to the processing of your personal
information at any time, but only where that processing has our legitimate
interests as its legal basis. If you raise an objection, we have an opportunity
to demonstrate that we have compelling legitimate interests which override your
rights and freedoms.
Right to Decline Automated Decision Making
You have the right to not be subject to decisions based solely on
automated decision making, which produce legal or significant effects for you,
except where these are (i) necessary for a contract to which you are a party;
(ii) authorized by law; (iii) based on your explicit consent.
Even where such decisions are permitted, you can contest the decision
and require Aon to exercise human intervention.
We currently do not use automated decision making (including automated
decision making using profiling) when processing your personal information. If
we ever use an automated decision making solution, you have a right to request
that a decision based on your personal information cannot be solely decided via
an automated process.
International Transfers
As noted above, you can ask to obtain a copy of, or reference to, the
safeguards under which your personal information is transferred outside of
Mauritius.
Contact Us
If you have any questions, would like further information about our
privacy and information handling practices, would like to discuss opt-outs or
withdrawing consent, or would like to make a complaint about a breach of the Act
or this Statement, please contact the Data Protection Officer:
privacy@aonhewitt.mu. Alternatively, you have the right to contact the Data
Protection Office.
If you have any questions relating to this Statement, please contact us
at Aon Solutions Ltd, 1st Floor The Pod, Vivéa Business Park, Moka 81406,
Mauritius or privacy@aonhewitt.mu.
Changes to this Statement
We may update this Statement from time to time. When we do,
we will post the current version on this site, and we will revise the version
date located at the bottom of this page.
We encourage you to periodically review this Statement so that you will
be aware of our privacy practices.
This Statement was last updated on June 7, 2021.