Effective 12 March 2014
Your privacy and the law
The Aon Group is committed to respecting your privacy and protecting your personal information. We are bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles, along with any other applicable privacy laws and codes, when collecting, using, disclosing, holding, handling and transferring any personal information. Where practical and legally permissible to do so, you have the option of providing information to us and dealing with us anonymously or by using a pseudonym.
At Aon, we have ongoing practices, procedures and systems in place to ensure that we manage personal information in an open and transparent way. Further information about these practices, procedures and systems are contained in our policy set out below.
In this statement, unless otherwise specified, the following definitions will apply:
|“Act”||means Privacy Act 1988 (Cth) or any replacement law.|
|“Administrators”||means Superannuation Administration Corporation ABN 80 976 223 967 and Corporate Services Network Pty Ltd ABN 30 074 864 609;|
|“Aon Group” (also referred to as “we”, “us” or “our”)||includes Aon Corporation Australia Limited ACN 004 756 772 and its related bodies corporate. Members of the Aon Group, and a brief description of the services they provide, include:|
|“Aon”||means an applicable entity in the Aon Group.|
|“Aon Website”||means a website or mobile application owned or operate by an entity in the Aon global group of companies (includingwww.aon.com.au).|
|“APP”||means the Australian Privacy Principles contained in Schedule 1 of the Act.|
|“Authorised Representative”||means a person authorised in accordance with sections 916A and 916B of the Corporations Act 2001 (Cth) to provide financial services on behalf of an Australian Financial Services Licence holder (including financial planners).|
About this Privacy Statement
This Privacy Statement explains how Aon manages your personal information. It provides you with a general overview of:
|Collecting your personal information||the type of information we may collect and how we collect this information from you;|
|Using and Disclosing your personal information||the ways and purposes we may use and disclose your information;|
|Cross-Border Disclosures of your personal information||our approach to disclosing your information to third party and overseas recipients;|
|Holding and storing your personal information||the ways we hold, store and secure your information;|
|Accessing and Correcting your personal information||how you may access and change information we hold about you; and|
|Resolving your privacy issues||how you may raise any issues with our management of your information in accordance with the APPs.|
This Privacy Statement will apply to any personal information we may collect directly from you or other sources (where relevant and legally permissible).
We may update this Privacy Statement from time to time. Any updates can be accessed via our website or by contacting our office to request a hard copy be sent to you (which will be provided at no cost). We encourage you to periodically review this Privacy Statement so that you will be aware of our privacy practices. This Privacy Statement was last updated on 12 March 2014.
Collecting your personal information
What is personal information?
Personal information is generally considered as information or opinion that allows others to identify you. This includes your name, gender, contact details, as well as your health and risk profile information.
Why do we collect your personal information?
We will generally collect personal information which is reasonably necessary to offer and administer our services and products and those offered by the Aon global group of companies (including insurance broking and claims management, risk management consulting, other forms of insurance services (including underwriting of insurance products and reinsurance), employee benefits, premium financing, superannuation and investment advisory services).
We may also collect personal information to be able to develop and identify products and services that may interest you, to conduct market or customer satisfaction research or to develop, establish and administer alliances and other arrangements with other organisations in relation to the promotion, administration and use of our respective products and services.
What type of information can we collect from you?
The type of information we collect will depend on which of the companies in the Aon Group you do business with and the type of product or service you request. Generally, however, we may collect information such as your name, contact details, date of birth, gender, financial and employment details and benefit coverage.
For some of our products and services, we may also need to collect sensitive information about you. This may include information about your criminal convictions or heath information in relation to life, heath, professional liability and workers compensation insurance, employee benefit programs, membership of professional or trade associations and sexual preferences. We will generally only collect and hold such sensitive information where reasonably necessary to perform our engagement and with your consent.
What can happen if you don’t provide us with your information, or provide us with incomplete or inaccurate information?
If you do not provide the information we request, we or those involved with the provision of the service or product may not be able to provide the appropriate type or level of service or product.
How do we collect this information?
Unless impracticable or unreasonable to do so, we will collect information directly from you. This may occur, for instance, when you make use of our website, or when you contact us through telephone, facsimile, email, online or hard copy communication in order to complete a product or service application or any other kind of administrative form.
Alternatively, we may also collect your information from other companies with the Aon Group, third parties such as our affiliates, Authorised Representatives (in the case of Aon Risk Services Australia Limited, Aon Master Trust, Aon Eligible Rollover Fund, Aon Superannuation Limited and Aon Hewitt Financial Advice Limited) or other third parties such as Administrators, employers, insurance companies, insurance brokers or agents, credit organisations, motor vehicle and driver licensing authorities, financial institutions, medical professionals, third parties who may be arranging insurance cover for a group that you are a part of, law enforcement, dispute resolution, statutory and regulatory bodies, marketing lists and industry databases, publicly available sources etc. Upon your request, we will take reasonable steps to let you know how we have sourced your personal information unless it is obvious from the circumstances that you would know or would reasonably expect us to have the information (such as where we are dealing with your advisors).
Are there any other ways Aon can collect your personal information?
Aon may also collect information by online means when you:
- Visit an Aon Website
Aon or its affiliates may collect information during your visit to an Aon Website through the use of cookie technology. By using an Aon Website and associated microsites, you agree to the processing of your personal information as explained in this Privacy Statement, including placing cookies on your device as described in the Cookie Notice.
We collect personal information from Aon Websites to fulfil your request for products and services and to improve your online experience. We strive to limit the amount of information collected to support the intended purpose of the collection.
We may ask you for some or all of the following types of information when you register for events, request services, manage accounts, access various content and features or directly visit our websites:
- contact information, such as name, e-mail address, postal address, phone number and mobile number;
- user name, password, password reminder questions and password answers;
- communication preferences, such as which newsletters you would like to receive;
- search queries;
- contact information about others when you refer a friend to a particular site or service (note: this information is used solely to facilitate requested communications); and
- information posted in community discussions and other interactive online features.
In some instances, Aon or its affiliates automatically collect certain types of information when you visit our websites and through e-mails that we may exchange. Automated technologies may include the use of web server logs to collect IP addresses, “cookies” and web beacons. The collection of this information aims to allow us to improve the effectiveness of Aon websites and our marketing activities.
Aon Websites may contain links to other sites which are outside our control and are not covered by this Statement. If you access other sites using the links provided, the operators of these sites may collect information from you which will be used by them in accordance with their privacy statement. We encourage you to read the privacy statements on other websites you visit. Aon is not responsible for the content or privacy practices of linked sites or any use of those sites.
Please be aware that Aon Websites may contain links to sites maintained by other Aon entities that are not governed by this Statement but by other privacy statements that may differ slightly from this Statement. We encourage you to review the privacy statement of each website you visit.
You may apply for employment with the Aon Group through our websites. Any information submitted for the purposes of applying for employment with the Aon Group will be collected, disclosed and held in accordance with this Privacy Statement. Otherwise, our employee records are exempt from the Act and are not covered by this Privacy Statement.
- Engage with Aon through Social Media
You can engage with us through social media websites or through features such as plug-ins or applications on Aon Websites that integrate with social media sites. You may also choose to link your account with us to third party social media sites. When you link your account or engage with us on or through third party social media sites, plug-ins, or applications, you may allow us and our affiliates to have ongoing access to certain information from your social media account (e.g., name, e-mail address, photo, gender, birthday, the posts or the ‘likes’ you make).
- Access our Websites through Mobile Devices
If you access our websites on your mobile telephone or mobile device, we may also collect your unique device identifier and mobile device IP address, as well as information about your device’s operating system, mobile carrier and your location information.
When you provide us your mobile device phone number as your contact phone number, you consent to the use of your mobile device phone number for the purposes identified in this Statement. If you choose to receive notifications from us on your mobile device (e.g. text notifications), you also consent to the use of your mobile phone number for that purpose.
How do we notify you and obtain your consent?
In most cases we will obtain your consent to the purposes for which we intend to collect, use and disclose your personal information either at the time you engage us to provide you with a product or service, or as soon as practicable.
Otherwise, unless we hear from you by one of the means set out in this Privacy Statement, by visiting an Aon Website or using any of our products or services, or otherwise by providing us with your information, you agree to your information being managed in accordance with this Privacy Statement.
You may modify or withdraw your consent at any time by completing a Personal Information Request Form and submitting this form to us as directed on the form. If you do not give us consent or subsequently modify or withdraw your consent, we may not be able to provide you with the products or services you want.
If you provide us with information about other individuals (such as employees, dependents etc.) you must obtain their consent for us to use their information in accordance with our Privacy Statement prior to your disclosure to us or otherwise let us know if this is not the case.
How do we deal with unsolicited information?
Where we receive information that we have not requested (“unsolicited information”), we will determine whether that information is reasonably necessary for our functions or activities. If it is, we will handle the information in the same way that we handle information we have requested. If not, we will take steps to destroy or de-identify the information.
Using and disclosing your personal information
How can your personal information be used?
We will generally only use and disclose your personal information for the purpose that it was collected, any related purpose that you would reasonably expect us to use or disclose it for, or as permitted under this Privacy Statement or under law. Aon otherwise has a duty to maintain the confidentiality of its client’s information unless disclosure is permitted with your consent or compelled under law.
Your information may be used for the following purposes:
- to provide information, products or services you requested;
- to determine your eligibility and process applications for products and services that you have requested;
- to provide information and services as requested by clients;
- to understand and assess your ongoing needs and offer products and services to meet those needs;
- to carry out client communication, service, billing and administration;
- to administer claims;
- to conduct data analysis;
- to execute monitoring and training;
- to develop new services;
- to market products and services; and
- to conduct processing necessary to fulfil other contractual obligations for the individual.
We will only use and disclose your sensitive information for the purpose it was collected or for any other directly related purpose that you would reasonably expect us to use it for. With your consent, we may use or disclose your information for additional purposes from time to time.
Who can access your personal information?
We may disclose your information to other companies within the Aon Group and the following affiliates or third party service providers to assist us in providing, managing and administering our services and products:
- banking and finance products – business partners, debt collection agencies, insurers, reinsurers, and managed fund organisations for financial planning, investment products and trustee or custodial services in which you invest;
- insurance broking and insurance products – business partners, including insurers, reinsurers, other insurance intermediaries, insurance reference bureaus, medical service providers, fraud detection agencies, other advisers such as loss adjusters, lawyers and accountants and others involved in the claim handling process;
- our Authorised Representatives;
- authorised service providers;
- external IT service providers, infrastructure and other third parties where required by law; and
- entities related to the Aon Group for the purpose of offering you other products and services (provided, you have not elected to opt-out of receiving such information).
Can your information be used for direct marketing?
As indicated above, unless you notify us otherwise, we may use your personal information to let you know about products and services from across the Group or our affiliates and business partners that we think may be of interest to you. You can choose not to receive this information from us (including product or service offerings from us on behalf of our affiliates and business partners) or related bodies by contacting our Privacy Officer, your Aon representative or by completing and submitting a Personal Information Request Form.
Cross border disclosures of your personal information
What is our approach to disclosing your information to third parties and overseas recipients?
Aon may disclose personal information to our overseas related body corporates (please visit the Aon Website for a list of our worldwide office locations) and third parties who we believe are necessary to assist us in providing the relevant services and products to our clients or to enable them to offer their products and services to you. For instance, we disclose personal information to the relevant product provider and their representatives, our agents and contractors and related companies (including our Authorised Representatives). We generally limit, however, the use and disclosure of any personal information provided by us to such third parties for the specific purpose for which it was supplied.
In addition to our affiliates, we may also disclose personal information to third parties such as our contractors, agents and service providers when we outsource certain functions, including market research, direct marketing, claims handling and recruitment. This would also include our third party storage providers whom we may use from time to time to store information physically or electronically. Our affiliates and third parties may be based locally or they may be overseas where we have a presence or engage such parties, including but not limited to the United States of America, United Kingdom, Singapore, India and the Philippines.
Disclosure may also be made to government, law enforcement, dispute resolution, statutory or regulatory bodies, or as required by law (including the Corporations Act and the Anti-Money Laundering & Counter-Terrorism Financing Act)
In these circumstances, Aon will generally take reasonable steps to ensure we have contracts in place that contain an obligation for them to comply with the Act and the Privacy Statement (to the extent applicable). We will also make every effort to ensure that we only have business dealings with third parties that value privacy and information security the same way as us. However, by providing us with your consent to collect, use, disclose and hold your information in accordance with this Privacy Statement, you acknowledge that we will no longer be required to take reasonable steps to ensure the overseas recipient’s compliance with the Act in relation to the handling of your information and we will not be liable to you for any breach of any Australian privacy law by these overseas recipients under the Act or otherwise, and on this basis, you consent to such disclosure.
Holding and storing your personal information
How do we hold your information?
Your information may be held in physical format, as electronic data, or in our software or systems. In particular, we may store your information in cloud or other types of networked or electronic storage.
What is our information security policy?
We take reasonable steps to protect personal information from misuse, interference and loss and implement physical, technical and administrative security standards to secure and protect your personal information from unauthorised access, modification or disclosure.
Steps we take include implementing and imposing:
- confidentiality requirements on our employees and other representatives, as well as third parties;
- policies on document storage security;
- security measures for access to our systems;
- only providing access to information once proper identification has been given;
- controlling access to our premises; and
- website protection security measures.
Further information about our data security practices can be provided on request. Notwithstanding the above you should be aware that no data protection and security measures are completely secure. Despite all the measures we have put in place, we cannot guarantee the security of your information, particularly in relation to transmissions over the Internet. It may also not be practicable to know in which country your information may be held where networked or electronic storage solutions are adopted. Accordingly, any information which you transmit to us is transmitted at your own risk. You must take care to ensure you protect your information (for example, by protecting your usernames and passwords, policy details etc.) and you should notify us as soon as possible after you become aware of any security breaches.
How long do we hold your information for?
When all of our legal obligations to retain your information have expired or we no longer need your information for a purpose that it was collected, we will take such steps as are reasonable to destroy or de-identify it.
Accessing and correcting your personal information
How can I access and correct my information?
We take reasonable steps to ensure your personal information that we collect, hold and disclose is accurate, up to date and complete. However, we also rely on you to let us know of any changes or corrections required to your information. You should contact us at any time to update your personal information or advise us that the information we hold is not accurate, up to date or complete.
You can access or update your personal information, including opting out of receiving any marketing from the Aon Group, in the following ways:
- if you have created a profile or an account on our website, you can update you information once you login;
- contact your Aon Group Representative or our Privacy Officer (on the contact details at the bottom of this Privacy Statement);
- complete and submit a Personal Information Request Form to your Aon Group Representative or our Privacy Officer;
- if you receive electronic communications, such as an e-newsletter, you may unsubscribe at any time by following the instructions included in the communication;
- if you previously chose to receive push notifications on your mobile device, you may manage your preferences either through your device or the application settings. Alternatively, you may uninstall the application by using the uninstall process available on your mobile device; and
If we do not provide you with access or refuse to update your information, we will provide you with the reason for refusal and inform you of any exceptions relied upon.
Your request to provide information will be dealt with in a reasonable time from receipt of your request and we may recover from you our reasonable cost of supplying you with this information.
Resolving your privacy issues
If you have any questions or would like further information about our privacy and information handling practices, please contact us by one of the following means:
Attn: Privacy Officer
Aon Corporation Australia
GPO Box 4189
SYDNEY NSW 2001
+61 29253 7000
If you wish to make a complaint about a breach of the Act or this Privacy Statement, you may:
- complete and submit the Personal Information Request Form to your Aon Group representative; or
- contact our Privacy Officer directly on the contact details below.
Attn: Privacy Officer
Aon Corporation Australia
GPO Box 4189
SYDNEY NSW 2001
Phone: +61 29253 7000
We are committed to respecting your privacy and we will respond to you as soon as reasonably possible.
If, however, you feel that your complaint has not been resolved, then you may contact the Office of the Australian Information Commissioner on the details below:
GPO Box 5218
SYDNEY NSW 2001
Phone: 1300 363 992