This Data Privacy Statement describes how Aon Solutions collects, uses, and protects personally identifiable information. At Aon Solutions, protecting personally identifiable information about you is important to us. We strive to protect the personal information under our control and take certain precautions to help maintain the security and integrity of that data.
Aon Solutions Commitment to Protecting Personally Identifiable Information
The processing of your personal data is carried out in accordance with the provisions of the General Data Protection Regulation (GDPR 2016/679), the existing Cyprus legislation on the protection of personal data and privacy in the electronic communications sector, as well as any more specific national and European legislation for certain sectors, and the decisions, acts and directives of the Commissioner for personal data protection.
We have implemented various security measures to help prevent unauthorized processing or disclosure of personal information and to prevent accidental loss, destruction, or damage to your personal information. Only employees who have a job-related need to do so are authorized to access personal information, and they are contractually obliged to abide by an approved Code of Conduct, Data Privacy and Information Security Policies. We have implemented appropriate IT security standards and related procedures, and we train our employees about data security issues. In addition to these persons, only your employer and particular third parties are authorized to access your personal information. We also require that all these third parties have implemented security measures to protect your personal information.
When and How Aon Solutions Receives Your Information
Most of the personally identifiable information we receive relates to an employer's programs, including pay, benefits, and other human resources plans or programs. There are several ways that we could receive personal information:
- You might provide the information directly as a benefit plan participant.
- When we perform services for our clients. Your employer or service providers appointed by your employer might provide information about you.
- When you attend an Aon event. You may provide this information directly, or it may be provided by your employer or colleagues.
- When you apply for a position at Aon. You may provide this information directly (through an online recruitment portal, careers site or via correspondence), or it may be provided via an agency.
The types of personal information we receive may include:
- Contact information and other identifiers such as name, address, phone number, email address, Social Security Number, or bank account number, as required to provide our services.
- Demographic information, such as date of birth, gender, and marital status.
- Employment information, such as date of hire, employment status, pay history, tax withholding information, performance records, and date of termination.
- Benefit program participation and coverage information, such as benefit elections, beneficiary information, claims information, benefit plan account balances or accrued benefits, and date of retirement.
- When you use our online tools, we record access information like IP or cookies to enable secure access to resources.
- In some cases we may receive special categories of personal data such as information concerning your health (e.g. when you request a loan for health reasons).
A cookie is a piece of information contained in a very small text file that is stored in your Internet browser or elsewhere on your hard drive. Cookies allow a website to identify a user's device whenever that user returns to the website and are commonly used in order to make websites work more efficiently and enrich the user experience, as well as to provide information to the owners of the site. Cookies alone cannot be used to identify you and it does not keep any of the data it collects.
- Strictly Necessary:
These cookies are essential in order to enable you to move around our website and use its features, such as accessing secure areas of our website. Without these cookies, services you have asked for cannot be provided.
Functionality cookies are used to provide other services such as our online calculators and certain navigation elements of the website which enhance your browsing experience. They can also enable us to remember setting choices you make to improve your visit.
Our websites do not use any third party cookies.
How Aon Solutions uses Your Information
We use your information only for the purpose that this was collected. The following is a summary of the purposes for which we use personal information:
- Performing services for our clients:
We process personal information which our clients provide to us in order to perform our services. This may impact you, for example, where you are the employee of our client, or the member of a client's pension scheme. The precise purposes for which your personal information is processed will be determined by the scope and specification of our client engagement, and by applicable laws, regulatory guidance and professional standards. It is the obligation of our client to ensure that you understand that your personal information will be disclosed to Aon.
- Contacting our clients and prospective clients:
We process personal information about the individual representatives of our corporate clients in order to:
- contact our clients in relation to current, future and proposed engagements;
- send our clients newsletters;
- invite our clients to events.
- Legal basis
All processing (i.e. use) of your personal information is justified by a "lawful basis" for processing. In the majority of cases, processing will be justified on the basis that:
- the processing is necessary for the performance of a contract to which you are a party, or to take steps (at your request) to enter into a contract (e.g. where we help an employer to fulfil an obligation to you under an employment contract in relation to the delivery of employee benefits);
- the processing is necessary for us to comply with a relevant legal obligation (e.g. where we are required to make disclosures to courts or regulators); or
- the processing is in our legitimate commercial interests, subject to your interests and fundamental rights (e.g. where we use personal information provided to us by our clients to deliver our services, and that processing is not necessary in relation to a contract to which you are a party).
Our commitment to protecting personally identifiable information means that:
- We won't sell your personally identifiable information to any third party.
- We won't use, transfer, or disclose your personally identifiable information to anyone outside of Aon, unless authorized by you, except as required by law or legal process, in response to law enforcement requests, and as necessary to protect the property, interests, and rights of Aon and/or your employer.
- We will not transfer your personal data outside the European Economic Area.
Aon Solutions is committed to accurately maintaining your personally identifiable information. Although we can't guarantee that your personal information will be 100% accurate at all times, we'll take reasonable steps to correct personal information that is properly identified as incorrect.
Our retention of your personal data
We may retain your personal data for the longer of the period required in order to meet our legal or regulatory responsibilities, and the period envisaged within our data retention policy. We determine the period envisaged within such policy with regard to the operational and legal requirements applicable in fulfilling the purposes described in this statement. Thereafter, we will refrain from collecting any further personal data on you and shall take appropriate steps to dispose of any records containing your personal data to the extent this is operationally feasible and proportionate.
Your Data protection rights
You have certain rights regarding our use of your personal data, examples summarised below:
- the right to access your data (in an easily readable form);
- the right to examine and correct your data;
- the right to data portability;
- the right to restrict the use of your data;
- the right to withdraw any consent given to the processing of your data (where applicable);
- the right to receive information regarding any third parties we disclose your data to (where applicable);
- the right to object to the processing of your data where we have considered this to be necessary for the purposes of our legitimate interests.
- the right to erasure, when such a case exists in accordance with the GDPR (e.g. there is no valid legal basis for the processing of personal data or if they were unlawfully processed).
As long as you exercise any of these rights, we will take every possible measure needed to respond to your request within thirty (30) days. In case we reject your request, we will inform you for the objective reasons for doing so. If the circumstances require a longer period of time (e.g. complexity of the request), the above deadline may be extended by one month. We may also ask you for certain information so that we can confirm your identity as a security measure.
Also, you always have:
- the right to submit a complaint to a supervisory authority. In other words, you reserve the right to contact the Commissioner for personal data protection, which may accept the submission of your relevant complaints either in written form to its protocol service (P.O.Box 23378, 1682 Nicosia, Cyprus), or electronically (www.dataprotection.gov.cy).
Aon Solutions reserves the right to modify this Data Privacy Statement at any time.
For any questions concerning data protection rights or should you have any queries about how Aon Solutions uses your personal data or wish to discuss the Data Privacy Statement with us, please contact us by email at firstname.lastname@example.org or by post at 13 Atho Street, 1087 Nicosia, Cyprus, to the attention of the data protection officer.
This Statement was last updated on December 1st, 2022.