Effective 1 March 2016
Your privacy and the law
The Aon Group is committed to respecting your privacy and protecting your personal information. We are bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles, along with any other applicable privacy laws and codes, when collecting, using, disclosing, holding, handling and transferring any personal information. Where practical and legally permissible to do so, you have the option of providing information to us and dealing with us anonymously or by using a pseudonym.
At Aon, we have ongoing practices, procedures and systems in place to ensure that we manage personal information in an open and transparent way. Further information about these practices, procedures and systems is contained in our policy, set out below.
In this statement, unless otherwise specified, the following definitions will apply:
“Act” means Privacy Act 1988 (Cth) or any replacement law.
“Administrators” means service providers, including Superannuation Administration Corporation ABN 80 976 223 967 and Corporate Services Network Pty Ltd ABN 30 074 864 609;
“Aon Group” (also referred to as “we”, “us” or “our”) includes Aon Corporation Australia Limited ACN 004 756 772 and its related bodies corporate. Members of the Aon Group, and a brief description of the services they provide, include:
- Aon Risk Services Australia Limited ABN 17 000 434 720 (general insurance broker);
- Aon Hewitt Limited ABN 48 002 288 646 (consulting);
- Aon Hewitt Financial Advice Limited ABN 13 091 225 642 (financial advice);
- Aon Benfield Australia Limited ABN 79 003 026 668 (reinsurance broker);
- Aon Superannuation Pty Limited ABN 83 057 982 822 (superannuation);
- Aon Wealth Management Limited ABN 14 003 344 232 (wealth management);
- Aon Product Design & Development Australia Pty Ltd ABN 55 136 905 845 (product design and development);
- Aon Master Trust ABN 68 964 712 340 (superannuation fund);
- Aon Eligible Rollover Fund ABN 54 338 733 881 (superannuation fund);
- Hewitt Associates Pty Ltd ABN 50 068 620 771 (human resources, consulting services, benefits administrations and business process outsourcing);
- HIA Insurance Services Pty Ltd ABN 84 076 460 967 (general insurance broker representative);
- One Underwriting Pty Ltd ABN 50 006 767 540 (underwriting agency);
- Aon Charitable Foundation Pty Ltd ABN 68 065 177 595 (charity).
“Aon” means an applicable entity in the Aon Group.
“Aon Website” means a website or mobile application owned or operate by an entity in the Aon global group of companies (including reward.aonhewitt.com.au).
“APP” means the Australian Privacy Principles contained in Schedule 1 of the Act.
“Authorised Representative” means a person authorised in accordance with sections 916A and 916B of the Corporations Act 2001 (Cth) to provide financial services on behalf of an Australian Financial Services Licence holder (including financial planners).
About this Privacy Statement
This Privacy Statement explains how Aon manages your personal information. It provides you with a general overview of:
Collecting your personal information
the type of information we may collect and how we collect it;
Using and disclosing your personal information
the ways in which and the purposes for which we may use and disclose your information;
Cross-border disclosures of your personal information
our approach to disclosing your information to overseas recipients;
Holding and storing your personal information
the ways we hold, store and secure your information;
Accessing and correcting your personal information
how you access and change information we hold about you; and
Resolving your privacy issues
how to raise any issues with our management of your information in accordance with the APPs, and how to opt-out.
This Privacy Statement will apply to any personal information we may collect directly from you or other sources (where relevant and legally permissible).
We may update this Privacy Statement from time to time. Any updates can be accessed via our website or by contacting our office to request that a hard copy be sent to you (to be provided at no cost). We encourage you to periodically review this Privacy Statement so that you will be aware of our privacy practices. This Privacy Statement was last updated on 1 March 2016.
What is personal information?
Personal information is generally considered to be information or opinion that allows others to identify you. This includes your name, gender, contact details, as well as your health and financial information.
Why do we collect your personal information?
We will generally collect personal information that is reasonably necessary to offer and administer our services and products, and those offered by the global Aon group of companies. Our services and products include insurance broking and claims management, risk management consulting, other forms of insurance services (including underwriting of insurance products and reinsurance), employee benefits, premium financing, superannuation, analytics, financial planning and investment advisory services.
We may also collect personal information to be able to develop and identify products and services that may interest you, to conduct market or customer satisfaction research or to develop, establish and administer alliances and other arrangements with other organisations in relation to the promotion, administration and use of our respective products and services.
What type of information can we collect from you?
The type of information we collect will depend on which of the companies in the Aon Group you do business with and the type of product or service you request. Generally, we collect information such as your name, contact details, date of birth, gender, financial and employment details and benefit coverage.
For some of our products and services, we may also need to collect sensitive information about you. This may include information about your criminal convictions or heath information in relation to life, heath, professional liability and workers compensation insurance, employee benefit programs, membership of professional or trade associations and sexual preferences. We will generally only collect and hold such sensitive information where reasonably necessary to perform our engagement and with your consent.
What can happen if you don’t provide us with your information, or provide us with information that is incomplete or inaccurate?
If you do not provide the information we request, we or those involved with the provision of the service or product may not be able to provide the appropriate type or level of service or product.
How do we collect this information?
Unless impracticable or unreasonable to do so, we will collect information directly from you. This may occur, for instance, when you contact us by telephone, facsimile, email, online or letter in order to complete a product or service application, or any other kind of administrative form. Our emails may contain automatic features that collect personal information.
If we are permitted by law to do so, we may collect information about you from Third Parties. We may collect this information from other companies within the Aon Group, third parties such as our affiliates, Authorised Representatives (in the case of Aon Risk Services Australia Limited, Aon Master Trust, Aon Eligible Rollover Fund, Aon Superannuation Limited and Aon Hewitt Financial Advice Limited), or other third parties such as Administrators, employers, insurance companies, insurance brokers or agents, credit organisations, motor vehicle and driver licensing authorities, financial institutions, medical professionals, third parties who may be arranging insurance cover for a group that you are a part of, law enforcement, dispute resolution, statutory and regulatory bodies, marketing lists and industry databases, publicly available sources, other government bodies, etc.
Upon your request, we will take reasonable steps to let you know how we have sourced your personal information, unless it is obvious from the circumstances that you would know or would reasonably expect us to have the information (such as where we are dealing with your advisers).
Are there any other ways Aon can collect your personal information?
Aon may also collect information by online means when you:
• Visit an Aon Website
Aon or its affiliates may collect information during your visit to an Aon Website through the use of cookie technology. A cookie is a piece of information in a small text file that is stored in your internet browser or elsewhere on your hard drive.
By using an Aon Website and associated microsites, you agree to the processing of your personal information as explained in this Privacy Statement, including placing cookies on your device as described in the Cookie Notice.
Aon Websites may contain links to other sites which are outside our control and are not covered by this Statement. If you access other sites using the links provided, the operators of these sites may collect information from you which will be used by them in accordance with their privacy statement. We encourage you to read the privacy statements on other websites you visit. Aon is not responsible for the content or privacy practices of linked sites or any use of those sites.
You may apply for employment with the Aon Group through our websites. Any information submitted for the purposes of applying for employment with the Aon Group will be collected, disclosed and held in accordance with this Statement.
• Register for events
We may ask you for some or all of the following types of information when you register for events, request services, manage accounts, access various content and features or directly visit our websites:
- contact information, such as name, e-mail address, postal address, phone number and mobile number;
- user name, password, password reminder questions and password answers;
- communication preferences, such as which newsletters you would like to receive;
- search queries;
- contact information about others when you refer a friend to a particular site or service (note: this information is used solely to facilitate requested communications); and
- information posted in community discussions and other interactive online features.
This information will be used to administer your attendance at the event, to make you aware of other events that we believe you may be interested in, and to provide your contact details to members of the Aon Group or event sponsors in relation to products or services discussed at the event. If you do not want to be contacted about other events or about the products or services discussed at the event, please select the marketing opt-out option on the form.
• Engage with Aon through Social Media
You can engage with us through social media websites or through features such as plug-ins or applications on Aon Websites that integrate with social media sites. You may also choose to link your account with us to third party social media sites. When you link your account or engage with us on or through third party social media sites, plug-ins, or applications, you may allow us and our affiliates to have ongoing access to certain information from your social media account (e.g. name, e-mail address, photo, gender, birthday, the posts or the 'likes' you make).
• Access our Websites through Mobile Devices
If you access our websites on your mobile telephone or mobile device, we may also collect your unique device identifier and mobile device IP address, as well as information about your device's operating system, mobile carrier and your location information.
When you provide us your mobile device phone number as your contact phone number, you consent to the use of your mobile device phone number for the purposes identified in this Statement. If you choose to receive notifications from us on your mobile device (e.g. text notifications), you also consent to the use of your mobile phone number for that purpose.
How do we notify you and obtain your consent?
In most cases, we will obtain your consent to the purposes for which we intend to collect, use and disclose your personal information either at the time you engage us to provide you with a product or service, or as soon as practicable.
Otherwise, unless we hear from you by one of the means set out in this Privacy Statement, by visiting an Aon Website or using any of our products or services, or otherwise by providing us with your information, you agree to your information being managed in accordance with this Privacy Statement.
You may modify or withdraw your consent at any time by contacting the privacy officer (firstname.lastname@example.org) or your Aon Group Representative. If you do not give us consent or subsequently modify or withdraw your consent, we may not be able to provide you with the products or services you want.
If you provide us with information about other individuals (such as employees, dependents etc.) you must obtain their consent for us to use their information in accordance with our Privacy Statement prior to your disclosure to us or otherwise let us know if this is not the case.
Modifying your consent and opting-out of marketing
You may modify or withdraw your consent, or opt-out of receiving direct marketing at any time by contacting the Privacy Officer (email@example.com) or your Aon Group Representative.
If you receive electronic communications, such as an e-newsletter, you may unsubscribe at any time by following the instructions included in the communication.
If you previously chose to receive push notifications on your mobile device, you may manage your preferences either through your device or the application settings. Alternatively, you may uninstall the application by using the uninstall process available on your mobile device.
How do we deal with unsolicited information?
Where we receive information that we have not requested (“unsolicited information”), we will determine whether that information is reasonably necessary for our functions or activities. If it is, we will handle the information in the same way that we handle information we have requested. If not, we will take steps to destroy or de-identify the information.
How can your personal information be used and disclosed?
We will generally only use and disclose your personal information for the purpose that it was collected for, any related purpose that you would reasonably expect us to use or disclose it for, for the purpose of analytics, or as permitted under this Privacy Statement or under any law.
Aon otherwise has a duty to maintain the confidentiality of its clients’ information unless disclosure is permitted with your consent or compelled under any law.
Your information may be used for the following purposes:
- to provide the information, products or services you requested;
- to determine your eligibility and process applications for products and services you have requested;
- to provide information and services you requested;
- to understand and assess your ongoing needs, and to offer products and services to meet those needs;
- to carry out client communication, service, billing and administration;
- to arrange premium funding;
- to administer claims;
- to conduct data analysis and data analytics;
- to monitor and train;
- to develop new services;
- to market products and services; and
- to conduct processing necessary to fulfil contractual obligations for the individual.
We will only use and disclose your sensitive information for the purpose it was collected for, for any other directly related purpose that you would reasonably expect us to use it for, or in accordance with a law or regulation. With your consent, we may use or disclose your information for additional purposes from time to time.
In addition to our affiliates, we may also disclose personal information to third parties such as our contractors, agents and service providers when we outsource certain functions, including market research, marketing, claims handling and recruitment. This would also include our third party storage providers whom we may use from time to time to store information physically or electronically.
Who can access your personal information?
We may disclose your information to other companies within the Aon Group and the following affiliates or third party service providers to assist us in providing, managing and administering our services and products:
- banking and finance products - business partners, debt collection agencies, insurers, reinsurers, premium funders, and managed fund organisations for financial planning, investment products and trustee or custodial services in which you invest;
- insurance broking and insurance products - business partners, including insurers, reinsurers, other insurance intermediaries, insurance reference bureaux, medical service providers, fraud detection agencies, other advisers such as loss adjusters, lawyers and accountants and others involved in the claim handling process;
- superannuation administrators and service providers;
- our Authorised Representatives;
- authorised service providers, including IT service providers;
- external IT service providers, infrastructure and other third parties where required by law; and
- entities related to the Aon Group for the purpose of offering you other products and services (provided, you have not elected to opt-out of receiving such information).
Can your information be used for direct marketing?
What is our approach to disclosing your information to third parties and overseas recipients?
Aon may disclose personal information to our overseas related body corporates (please visit the Aon Website for a list of our worldwide office locations) and third parties who we believe are necessary to assist us in providing the relevant services and products to our clients or to enable them to offer their products and services to you.
For instance, we disclose personal information to the relevant product provider and their representatives, our agents and contractors and related companies (including our Authorised Representatives). We generally limit, however, such use and disclosure of any personal information to the specific purpose for which it was supplied.
In addition to our affiliates, we may also disclose personal information to third parties such as our contractors, agents and service providers when we outsource certain functions, including market research, direct marketing, claims handling and recruitment. This would also include our third party storage providers, whom we may use from time to time to store information physically or electronically.
Our affiliates and third parties may be based locally or they may be overseas. Examples include, but are not limited to, the United States of America, the United Kingdom, Ireland, Singapore, India and the Philippines.
In these circumstances, Aon will generally take reasonable steps to ensure that we have arrangements in place with such parties that prevent them from using or disclosing personal information for any purposes other than our own. However by providing personal information to us, you acknowledge that we may not always be able to guarantee that overseas parties are subject to requirements similar to those contained in the Privacy Act and consent to the disclosure on this basis. If you would like further information about whether your information will be disclosed to overseas recipients, please contact the Privacy Officer (firstname.lastname@example.org).
Please also note that we may disclose your personal information, upon request, to any local or foreign government, law enforcement, dispute resolution, statutory or regulatory body, or as required by any law or regulation.(including the Corporations Act and the Anti-Money Laundering & Counter-Terrorism Financing Act).
How do we hold your information?
Your information may be held in physical format, as electronic data, or in our software or systems. In particular, we may store your information in cloud or other types of networked or electronic storage.
What is our information security policy?
We take reasonable steps to protect personal information from misuse, interference and loss and implement physical, technical and administrative security standards to secure and protect your personal information from unauthorised access, modification or disclosure.
Steps we take include implementing and imposing:
- confidentiality requirements on our employees and other representatives, as well as third parties;
- policies on document storage security;
- security measures for access to our systems;
- only providing access to information once proper identification has been given;
- controlling access to our premises; and
- website protection security measures.
Further information about our data security practices can be provided on request. Notwithstanding the above, you should be aware that no data protection and security measures are completely secure. Despite all the measures we have put in place, we cannot guarantee the security of your information, particularly in relation to transmissions over the Internet. It may also not be practicable to know in which country your information may be held, where networked or electronic storage solutions are adopted. Accordingly, any information which you transmit to us is transmitted at your own risk. You must take care to ensure you protect your information (for example, by protecting your usernames and passwords, policy details, etc.) and you should notify us as soon as possible after you become aware of any security breaches.
How long do we hold your information for?
Areas of Aon are subject to certain legal requirements to retain information for particular timeframes. When we are no longer legally required to retain your information, and we no longer need your information for a purpose for which it was collected, we will take such steps as are reasonable to destroy or de-identify it.
How can I access and correct my information?
We take reasonable steps to ensure the personal information that we collect, hold and disclose is accurate, up to date and complete. However, we also rely on you to let us know of any changes or corrections required. You should contact us to update your personal information or advise us if the personal information we hold is not accurate, up to date or complete.
You can access or update your personal information as follows:
- if you have created a profile or an account on our website, you can update your information once you log in;
- contact your Aon Group Representative or our Privacy Officer (email@example.com);
- if you receive electronic communications, such as an e-newsletter, you may unsubscribe at any time by following the instructions included in the communication;
- if you previously chose to receive push notifications on your mobile device, you may manage your preferences either through your device or the application settings. Alternatively, you may uninstall the application by using the uninstall process available on your mobile device; and
If we do not provide you with access or refuse to update your information, we will provide you with the reason for refusal and inform you of any exceptions relied upon.
Your request to provide information will be dealt with in a reasonable time from receipt of your request and we may recover from you our reasonable cost of supplying you with this information.
If you have any questions, would like further information about our privacy and information handling practices, would like to discuss opt-outs, or would like to make a complaint about a breach of the Act or this Privacy Statement, please contact the Privacy Officer:
Post: Attn: Privacy Officer, Aon Corporation Australia, GPO Box 4189, SYDNEY NSW 2001
Phone: +61 29253 7000
We are committed to respecting your privacy and we will respond to you as soon as reasonably possible.
If, however, you feel that your complaint has not been resolved, then you can contact the Office of the Australian Information Commissioner on the details below:
Post: GPO Box 5218, SYDNEY NSW 2001
Phone: 1300 363 992