怡安企业服务(上海)有限公司(“怡安”)致力于保护您的隐私。这一承诺反映了我们对经营和维护员工、消费者、客户、业务合作伙伴以及与我们共享其个人信息的其他人的信任的价值。
此隐私声明的目的?
本隐私声明(“声明”)旨在向您展示怡安在业务运营过程中可能涉及的个人信息处理场景,向您解释怡安如何处理您的个人信息,以及怡安在任何场景下均致力于遵守的安全保护措施等。在我们收集您的个人信息时,如该场景无法被本隐私声明所覆盖,则我们还会向您提供更具体及更具有针对性的隐私声明,包括但不限于该等场景下明确的个人信息处理目的、方式、范围等。请注意,本声明不适用于您使用任何与本网站或任何拥有自己的隐私通知的第三方网站。
本声明旨在通过解释以下内容帮助您理解我们如何收集、存储、使用、处理、转移、提供、披露、删除(统称为“处理” )您的个人信息。
隐私声明
1.
谁对您的个人信息负责?
2.
我们如何收集您的个人信息,我们收集哪些个人信息?
3.
我们如何使用您的个人信息?
4.
法律依据
5.
我们是否向儿童收集个人信息?
6.
我们保留您的个人信息多长时间?
7.
我们如何披露您的个人信息?
8.
我们是否会跨境传输您的个人信息?
9.
我们是否有安全措施来保护您的个人信息?
10.
有关个人信息的其他权利
11.
自动化决策
12.
联系我们
13.
本声明的更改
1. 谁对您的个人信息负责?
在本声明中,“怡安”是指怡安企业服务(上海)有限公司(也称为“我们”)。个人信息由怡安收集并作为个人信息处理者的身份负责处理这些信息。怡安还可能作为个人信息受托处理者为客户提供服务。在这种情况下,我们将按照我们的法律义务和与客户的合同承诺来处理您的个人信息。
2. 我们如何收集您的个人信息,以及我们收集哪些个人信息?
我们收集的个人信息因服务性质而异。当您于我们的官方网站向我们提交个人信息时,我们将按以下目的和方式处理您所提交的个人信息:
处理目的 |
个人信息种类 |
处理方式 |
邀请您参与我们组织的线上或线下活动、问卷调研、向您发送人力资源行业最新资讯或通过社交媒体与您进行互动 |
您的基本信息(姓名、邮箱地址、手机号码、微信账号)、您的基本人力资源信息(所在公司名称、所属行业、所任岗位、您的工作地点及您所负责的地域范围) |
在您与我们产生交互的场景中收集您主动提交的左列所述个人信息,并在符合适用法律法规的前提下进行存储、使用、加工、传输、删除 |
当您浏览我们的官方网站,与我们取得联系时,为处理您的问询、向您提供我们在官方网站分享的白皮书或行业报告 |
您的基本信息(姓名、邮箱地址、手机号码)、您的基本人力资源信息(所在公司名称、所属行业、所任职位、您的工作地点及您所负责的地域范围) |
在您与我们产生交互的场景中收集您主动提交的左列所述个人信息,并在符合适用法律法规的前提下进行存储、使用、加工、传输、删除等 |
有关我们在其他场景中向您提供的每项服务中收集的个人信息的更多信息,以及收集信息的目的和法律依据,我们将分别在与具体服务相关的隐私声明中提供给您。概览如下:
a. 怡安通过以下方式收集个人信息:
您提供给我们的个人信息
当您:
- 向我们申请服务;
- 访问怡安网站或参加怡安组织的活动;
- 申请怡安的职位;
- 因为投诉或查询而与我们联系;
- 通过社交媒体与我们互动;或
- 注册或使用我们的任何网站或应用程序。
为履行我们向您或您的雇主提供的服务相关的义务(包括任何法律和监管义务),您需要以我们可以接受的形式,提供经我们合理要求的相关个人信息。如果您未能提供或延迟提供我们合理履行这些义务的个人信息,我们可能无法向您或您的雇主提供服务和/或我们可能终止向您或您的雇主提供服务。
如果您向怡安提供有关第三方个人的个人信息(例如,有关您的配偶、伴侣、子女、受抚养人或紧急联系人的信息),则您应事先向这些人提供本声明及具体服务所涉及的隐私声明的副本,或者确保他们以其他方式了解怡安将如何使用其个人信息。在我们无法与该等第三方个人建立直接的沟通渠道时,我们可能要求您承诺您已代表我们获取其明确的同意。
我们自动收集的个人信息
在某些情况下,当您访问我们的网站并通过电子邮件和我们联系时,我们会自动收集某些类型的信息。自动化技术可能包括使用 Web 服务器日志收集 IP 地址、“Cookie”和 Web 信标。有关我们使用Cookie的更多信息,请在我们的Cookie声明中找到。
我们从客户或第三方收集的个人信息
当我们向客户提供服务时,我们可能从客户处收集有关您的个人信息,如您的姓名、联系方式、出生日期、性别、婚姻状况、财务详细信息、就业详情和福利保险。我们还可能收集(在每种情况下,与我们提供的服务紧密相关的)有关您的敏感个人信息,例如您的薪酬信息等。我们收到的个人信息都与我们向您或您的雇主提供的服务相关。 当国家法律允许,且在适当时我们可能收集与犯罪相关的资料:例如,作为接受业务、财务、行政、招聘、反洗钱和制裁审查流程的必要的一部分。相应的个人信息处理规则我们会在提供服务所适用的隐私声明中向您说明。
b. 我们收集的有关您的个人信息可能包括以下内容:
a. |
基本个人信息, 如姓名、地址联系方式、出生日期、年龄、性别和婚姻状况: |
b. |
独特的身份识别信息,如身份证号码或护照号码; |
c. |
人口统计学细节, 如有关您的年龄、性别、种族、婚姻状况、生活方式和保险要求的信息; |
d. |
就业信息, 如职位、就业状况(如全职/兼职、合同)、工资信息、就业福利和就业历史: |
e. |
健康信息, 如有关您的健康状况、医疗记录和医疗评估结果的信息; |
f. |
福利信息, 如福利选择 、养老金权利信息、退休日期以及影响您福利的任何相关事项,如自愿缴款、养老金共享信息、税收保护或其他调整; |
g. |
财务详细信息, 如支付卡和银行账户详细信息、 您的信用记录和破产状况详情、薪金、税码、第三方扣减、奖金支付、福利和权利数据、国家保险缴款详情: |
i. |
您的营销偏好: |
j. |
在线信息,如有关您访问我们网站的信息; |
k. |
活动信息,如有关您对我们活动的兴趣和出席情况的信息,包括提供反馈表; |
l. |
社交媒体信息,如您与我们的社交媒体存在的互动(例如,赞和帖子); |
如果我们收集敏感个人信息 (如有关您的薪酬、健康或涉嫌犯罪活动的信息),我们将确保它是必要的,并按照适用的法律处理相应的个人信息,其中可能包括在收集之前获得您的明确同意和/或必要的授权。
3. 我们如何使用您的个人信息?
以下是我们使用您个人信息目的的摘要。有关我们每项具体服务所收集的个人信息以及收集个人信息的目的和法律依据,我们将在与服务相关的隐私通知中提供给您。
为我们的客户提供服务
我们处理客户提供给我们的个人信息,提供数据解决方案以及跨职位、跨行业、跨市场、跨领域的咨询服务。处理您个人信息的目的及方式将由我们为客户所提供服务的范围和具体内容,以及适用的法律、监管指导和专业标准所决定。
管理我们的客户委托
我们处理有关客户和公司客户个人代表的个人信息:
- 履行怡安的监管和合规义务,包括:
o “了解您的客户”检查和筛选;
o 反洗钱;
o 贸易制裁筛查;
o 从适当的第三方获取和更新信用信息,如信用报告机构,其中交易的信用:
- 与客户沟通;
- 解决客户查询和投诉;和
- 管理索赔。
与客户和潜在客户的沟通和营销
我们处理客户、潜在客户和企业客户个人代表的个人信息,发送时事通讯、专有知识、宣传材料和其他营销信息,并邀请我们的客户参加活动,包括安排和管理这些活动。
进行数据分析、基准测试和建模
怡安是一家创新型企业,依靠利用我们以往业务的经验来分析趋势来开发复杂的产品和服务。怡安还使用数据进行分析、建立模型、基准测试和研究。
兼并和收购
在发生销售、收购或重组时,我们会处理个人信息,包括在交易结束前和交易结束后进行处理,以进行规划和尽职调查以及将业务账簿转让给业务的继受方。
流程和服务改进
我们处理个人信息以维护和改进提供服务和使用技术(包括测试和升级系统)所使用的流程。我们还处理个人信息以开发新的服务。
如果我们将您的个人信息用于其他目的,我们将请求您的同意,除非处理您的个人信息是为了满足相关法律和监管要求。在所有情况下,我们根据适用的法律和法规,平衡您个人信息的合法使用与您的利益、权利和自由,以确保您的个人信息不会受到不必要的风险。
4. 法律依据
我们依靠以下法律依据收集和使用您的个人信息:
5. 我们向儿童收集个人信息吗?
我们的网站和服务均不针对儿童,我们也不会故意在我们的网站上从儿童处收集个人信息。儿童被禁止使用我们的网站。
某些怡安业务解决方案可能会处理与儿童相关的个人信息,例如其出生日期、地址和其他可识别信息。此个人信息不是直接从儿童那里收集的,而是从其他各方(如我们的客户或直接从您作为儿童的父母或监护人处)收集的(例如,以便儿童享受您的雇主所提供的特定福利)。
6. 我们保留您的个人信息多长时间?
我们保留您的个人信息的时间取决于获取您个人信息的目的及其性质。除非在法律要求且符合怡安个人信息保留政策的前提下,怡安可能延长保留期限,否则我们将仅在满足本声明所述目的所必需的期间内保留您的个人信息。当您的个人信息不再被需要时,它将被安全销毁。
7. 我们如何披露您的个人信息?
如有必要,我们通常会与以下类别的接收方共享您的个人信息,以便提供、掌握和管理提供给您的服务:
a. |
在怡安内部 我们可与其他怡安实体、品牌、部门和子公司共享您的个人信息,以便处理本声明中概述的处理目的 |
b. |
法律顾问理赔调查人员 必要时进行调查,为法律索赔或其他类似性质的索赔辩护 |
c. |
执法机构 如须按法律、司法程序、法令、规则、法规或专业标准需要这样做,或响应传票、搜查令或其他法律要求,并在必要时协助预防或侦查罪行或逮捕或起诉罪犯 |
d. |
公共当局、监管机构和政府机构 我们为履行法律及监管义务,或配合调查涉嫌或实际非法活动有关事项 |
e. |
第三方供应商 我们外包的业务处理供应商,其代表我们处理个人信息。例如管理我们的 IT 和后台系统和电信网络的 IT 服务提供商,以及信息联系中心的服务提供商。这些处个人信息处理活动保持在我们的控制之下,并将按照我们的安全标准和严格的指示进行 |
f. |
业务的继受方 在服务被整体或部分出售给其他组织,或在怡安与另一组织合并时,为进行尽职调查等事项我们将按照本声明与第三方共享相关的个人信息 |
g. |
内部和外部审计师 必要时为进行公司审计或调查投诉或安全威胁而进行共享 |
8. 我们会跨境传输您的个人信息吗?
我们是一个全球性组织,在特定场景下,可能根据适用法律跨境传输某些个人信息。当我们这样做时,我们将另行通知您并征得您的单独同意。如果适用法律要求我们使用各种法律机制来帮助确保您的权利和保护您的个人信息跨境传输,我们将严格遵守该等要求,以保障您的个人信息安全,例如:
- 根据中国网信部门的要求完成数据出境安全评估;
- 我们确保怡安实体之间的传输协议包含适用法律规定的内容,例如由中国网信部门发布的标准合同条款,该条款将要求各方确保个人信息得到充分和一致的保护;
- 如果我们从帮助我们提供的产品和服务的第三方处接收您的个人信息或将个人信息传输给该等第三方,我们将通过协议方式要求其承诺保护您的个人信息,在必要时将包含标准合同的条款;或
·
如果我们收到执法部门或监管机构的要求提供个人信息请求,我们会在披露任何个人信息之前仔细验证这些请求。
在需要时,您可以通过与我们联系获得有关这些保障措施的进一步信息。
9. 我们是否制定了安全措施来保护您的个人信息?
您的个人信息的安全性对我们很重要,怡安已实施合理的物理、技术和行政安全标准,以保护个人信息免受丢失、未经授权的访问、误用、更改或破坏,并确保根据适用的数据保护相关法律法规处理此类信息。
10. 有关个人信息的其他权利
依据某些豁免和您居住地的法域的要求,在某些情况下,根据我们从事的处理活动,您可能拥有与您的个人信息相关的某些权利。 我们列出了以下可能适用的一些共同权利。 当您行使这些权利时,我们可能需要在向您披露信息或响应您的请求之前,要求您提供其他信息以确认您的身份。我们不会收取费用,除非您的要求明显没有根据或超出必要限度,并且/或法律允许我们收取此类费用。
您可以通过联系我们行使您的权利。在法律和其他方面允许的考虑下,我们将尽一切合理努力及时满足您的请求,或在我们需要进一步信息以满足您的请求时通知您。 我们可能并不总是能够完全满足您的请求,例如,如果这将影响我们承诺他人的保密义务,或者如果我们在法律上有权以不同的方式处理请求。 如果我们不能完全满足您的请求,我们将与您联系,让您知道并向您解释请求被拒绝的原因。
访问权
在某些情况下,您有权访问和检查怡安持有的关于你的个人信息。如果您创建了个人资料,您可以访问您的帐户来访问该信息。
更正权
您可能有权要求我们在您的个人信息不准确或过时的情形下更正其个人信息。
删除权
在某些情况下,您有权删除您的个人信息。当您的个人信息不再需要被用于收集时的目的,并且我们没有处理您个人信息的其他法律基础,我们会删除您的个人信息。
限制处理权
在某些情况下,您有权要求限制您的个人信息进一步使用,例如,如果信息的准确性存在争议,您请求在确认其准确性之前不要使用该信息。
转移个人信息
在某些情况下,您有权获得数据便携性,这要求我们以常用的机器可读格式向您或其他个人信息处理者提供个人信息,但只有在基于 (i)获得您的同意:或(ii)履行您作为合同缔约方之一所必需。
撤回同意
您有权撤销您对我们处理您个人信息的同意(包括但不限于使用您的个人信息进行自动决策和直接营销)的同意。您的撤销同意将使我们无法继续向您提供相应的服务。然而您撤回同意的决定不会影响之前在您同意的基础上已经进行的个人信息处理活动。
拒绝自动决策的权利
您有权反对仅通过自动方式做出的涉及使用个人信息的决定。有关进一步信息,请参考下面的第十一节 (11)。
反对直接营销的权利
如果您的个人信息被用来进行直接营销,您有权随时反对我们对个人信息进行的相关处理。我们将与您沟通并向您提供有关如何选择退出营销计划的具体信息
11. 自动化决策
如果您申请或注册接受服务,我们将可能通过实时自动评估以确定您是否有资格接受该服务。自动化评估是使用技术手段(如计算机系统)自动进行的评估,无需人工参与。 此评估将分析您的个人信息,包括多项评估,例如信用记录和破产评估、驾驶执照和非法驾驶的验证、您以前索赔历史记录的验证以及其他欺诈预防检查。如果您的服务申请不符合合格标准,您的申请可能会被系统自动拒绝,在申请的过程中您将会收到有关此通知。 但是,如果相关决策仅通过自动化处理您的个人信息而作出,您有权对决定提出质疑,并要求我们通过人为干预的方式重新作出决策。如果您希望行使此权利,您应该联系我们。
12. 联系我们
如果您有任何问题,希望进一步了解我们有关您的个人信息处理事项,撤回您的同意,或希望就此声明提出投诉,请联系我们:
地址:上海市淮海中路381号中环广场38楼
邮编:200020
电子邮箱:cn.privacy@aon.com.cn
13. 本声明的更改
我们将会不时更新此声明。当我们这样做时,我们将在此网站上的发布当前最新版本并将修改版本的日期列明于此页面底部。
我们建议您定期查看本声明,以便您了解我们的隐私声明及对您个人信息处理的规则。
本声明的更新时间:2025年1月
Privacy Statement
Aon Enterprise Solutions (Shanghai) Co.,
Ltd. (“Aon”) is committed to protecting
your privacy. This commitment reflects the value we place on earning and
keeping the trust of our employees, customers, clients, business partners and
others who share their personal information with us.
What does this Privacy Statement do?
This Privacy Statement (“Statement”) is to provide you with scenarios of personal information handling
activities that may be in the course of Aon’s business operations, to explain to you how
Aon handles your personal information and the security measures that Aon is
committed to comply with. When we
collect your personal information, if the scenario cannot be covered by this
privacy statement, we will provide you with a more specific and tailored
privacy statement, including, but not limited to, the purpose, processing
methods and detailed scope of the personal information
under certain scenarios.
This Statement does not apply to your use of any third-party sites
linked to from this website or any websites which have their own privacy
notices.
This Statement aims to help you understand
how we collect, store, use, process, transfer, provide, disclose, delete
(collectively as “Handle”) your personal information.
PRIVACY STATEMENT
1. Who is responsible for your information?
2. How do we collect your information and what
information do we collect?
3. How do we use your personal information?
4. Legal basis
5. Do we collect information from children?
6. How long do we retain your personal
information?
7. How do we disclose your personal
information?
8. Do we transfer your personal information
across geographies?
9. Do we have security measures in place to
protect your information?
10. Other rights regarding your data
11. Automated Decisions
12. Contact Us
13. Changes to this Statement
1. Who is responsible for your personal
information?
Throughout this Statement, “Aon” refers to Aon Enterprise
Solutions (Shanghai) Co., Ltd., (also referred to as “we,” “us,” or “our”).
Personal information is collected by Aon who is responsible for its processing
in their capacity as a personal information handler. Aon also provides services
to our clients as an engaged processer. Where this is the case we will handle
your personal information in line with our legal obligations and contractual
commitments with our clients.
2. How do we collect your personal
information and what information do we collect?
The personal information we collect varies
depending upon the nature of our services. When you submit personal information
to us on our official website, we will process the personal information you
submit for the following purposes and in the following ways:
Processing Purposes |
Personal Information
Categories |
Processing Methods |
Invite you to participate in our online or offline
events, surveys, send you HR industry updates or interact with you via social
media |
Your basic information (name, email address, mobile
phone number, WeChat account), your basic human resources information (the
name of the company, the industry you belong to, the position you hold, your
work location and the geographical area you are responsible for) |
Collect the personal information that you voluntarily
submit to us as described on the left in the scenarios where you interact
with us, and store, use, process, transmit, delete in compliance with
applicable laws and regulations. |
When you visit our official website and get in touch
with us, in order to handle your enquiry, provide you with white papers or
industry reports that we share on our website |
Your basic information (name, email address, mobile
phone number), your basic human resources information (name of company,
industry, position held, your work location and the geographical area you are
responsible for) |
Collect the personal information that you voluntarily
submit to us as described on the left in the scenarios where you interact
with us, and store, use, process, transmit, delete in compliance with
applicable laws and regulations. |
More information about the personal
information collected for each of our services provided by
us in other scenarios, together with
the purpose and legal basis for collecting the information, may be provided to
you in separate privacy notices relevant to the applicable services. An overview is provided below:
a. Aon collects personal information in the
following ways:
Personal Information you
provide to us
Aon collects information directly from you
when you:
·
Request a service from us;
·
Visit an Aon site or attend an Aon event;
·
Apply for a position at Aon;
·
Contact us with a complaint or query;
·
Engage with us over social media; or
·
Register with or use any of our websites or applications.
You are required to provide any
personal information we reasonably require (in a form acceptable to us) to meet
our obligations in connection with the services we provide to you or your
employer, including any legal and regulatory obligations. Where you fail to
provide or delay in providing information we reasonably require to fulfill
these obligations, we may be unable to offer the services to you or your
employer and/or we may terminate the services provided with immediate effect.
Where you provide personal information to
Aon about third-party individuals (e.g., information about your spouse, civil
partner, child(ren), dependents or emergency contacts), where appropriate, you
should provide these individuals with a copy of this Statement or any
applicable Privacy Notices related to specific services beforehand or ensure
they are otherwise made aware of how their personal information will be used by
Aon. Where we are unable to establish direct communication channels with such
third party individuals, we may require you to undertake that you have obtained
their express consents on our behalf.
Personal Information we automatically
collect
In some instances, we automatically collect
certain types of information when you visit our websites and through e-mails
that we may exchange. Automated technologies may include the use of web server
logs to collect IP addresses, "cookies" and web beacons. Further
information about our use of cookies can be found in our Cookie Notice and Cookie Preference Center at the
footer of our page (where applicable).
Personal Information we collect from
clients or third parties
When we provide the services to our
clients, we may collect personal information from our clients about you, such
as your name, contact details, date of birth, gender, marital status, financial
details, employment details, and benefit coverage. We may also collect (in each
case as strictly relevant to the services we provide) sensitive personal
information about you, such as your compensation data. The personal information
we receive relates to the services we provide to you or your employer. Where
permitted by national law, and appropriate to do so, we may collect criminal
records information; for example, where required as part of our business
acceptance, finance, administration, recruitment, anti-money laundering and
sanctions screening processes. The personal information handling rules may be
provided to you in separate privacy notices relevant to the applicable
services.
b. The personal information we collect about
you may include the following:
a. |
Basic personal details, such as your name, address contact details, date of
birth, age, gender and marital status; |
b. |
Unique identifiers such as your national ID information or passport
information; |
c. |
Demographic details, such as information about your age, gender, race,
marital status, lifestyle, and insurance requirements; |
d. |
Employment information such as role, employment status (such as
full/part time, contract), salary information, employment benefits, and
employment history; |
e. |
Health information such as information about your health status,
medical records and medical assessment outcomes; |
f. |
Benefits information such as benefit elections, pension entitlement
information, date of retirement and any relevant matters impacting your
benefits such as voluntary contributions, pension sharing orders, tax
protections or other adjustments; |
g. |
Financial details such as payment card and bank account details,
details of your credit history and bankruptcy status, salary, tax code,
third-party deductions, bonus payments, benefits and entitlement data,
national insurance contributions details; |
i. |
Your marketing preferences; |
j. |
Online information: e.g., information about your visits to our
websites; |
k. |
Events information such as information about your interest in and
attendance at our events, including provision of feedback forms; |
l. |
Social media information such as interactions (e.g., likes and posts) with
our social media presence; and |
Where we collect sensitive personal
information (such as your compensation data or alleged criminal activities), we
will ensure that it is necessary and is Handled in accordance with applicable
laws, which may include obtaining your explicit consent and/or necessary
authorizations prior to collection.
3. How do we use your personal information?
The following is a summary of the purposes
for which we use personal information. More information about the personal
information collected for each of our services, together with the purpose and
legal basis for collecting the information, may be provided to you in separate
privacy notices which are relevant to the services which affect you.
Performing
services for our clients
We Handle personal information which our
clients provide to us to perform data solutions services and
advisory and consulting services across jobs, industries, markets and sectors
on aspects. The precise purposes for which your personal information is Handled
will be determined by the scope and specification of our client engagement, and
by applicable laws, regulatory guidance and professional standards.
Administering
our client engagements
We process personal information about our
clients and the individual representatives of our corporate clients to:
- Carry out Aon’s regulatory and compliance
obligations, including:
o
"Know Your Customer" checks and screening;
o
Anti-money laundering;
o
Trade sanctions screening;
o
Obtain and update credit information with appropriate third parties, such
as credit reporting agencies, where transactions are made on credit;
- Communicate with our clients;
- Address client inquiries and complaints; and
- Administer claims.
Communications
and marketing to our clients and prospective clients
We Handle personal information about our
clients, prospective clients, and the individual representatives of our
corporate clients to send newsletters, know-how, promotional material and other
marketing communications; and invite our clients to events, including arranging
and administering those events.
Conducting data
analytics, benchmarking and modeling
Aon is an innovative business, which relies
on developing sophisticated products and services by drawing on our experience
from prior engagements to analyze trends. Aon also uses data to perform
analysis, modeling, benchmarking and research.
Mergers and
acquisitions
We Handle personal information in the event
of a sale, acquisition or reorganization. This includes processing personal
information for planning and due diligence purposes both prior to closing and
after a transaction has closed for reasons related to the sale, acquisition, or
reorganization and in order to transfer books of business to successors of the
business.
Process and
service improvement
We Handle personal information to maintain
and improve processes used in providing the services and uses of technology,
including testing and upgrading of systems. We also handle personal
information to develop new services.
If we wish to use your personal information
for a purpose which is not compatible with the purpose for which it was
collected, we will request your consent unless your personal information is
being processed to satisfy our legal and regulatory obligations. In all cases,
we balance our legal use of your personal information with your interests,
rights, and freedoms in accordance with applicable laws and regulations to make
sure that your personal information is not subject to unnecessary risk.
4. Legal basis
We rely on the following legal grounds to
collect and use your personal information:
a. |
Performance of the service contract |
Where we offer services or enter into a
contract with you to provide services, we will collect and use your personal
information where necessary to enable us to take steps to offer you the
services, process your acceptance of the offer and fulfill our obligations in
the contract with you. |
b. |
Legal and regulatory obligations |
The collection and use of some aspects of
your personal information is necessary to enable us to meet our legal and
regulatory obligations. |
c. |
Consent |
In certain instances, we rely on your
consent as a legal basis. Where we rely on your consent to collect
and use your information, you are not obliged to provide your consent and you
may choose to subsequently withdraw your consent at any stage once provided.
However, where you refuse to provide information that we reasonably require
to provide the services, we may be unable to offer you the services and/or we
may terminate the services provided with immediate effect. Where you choose to receive the services
from us you agree to the collection and use of your personal information in
the way we describe in relevant statements. |
d. |
Substantial public interest (in
accordance with applicable law) |
If applicable law allows, we may collect
and use your information for a substantial public interest. For example, to
prevent or detect unlawful acts or in public health; to protect of life,
health and property safety of natural persons under emergency circumstances |
e. |
Public Disclosure |
Unless otherwise prohibited by the
applicable or expressed refused by you, we will collect and use your personal
information in public domain within reasonable scope. |
5. Do we collect personal information from
children?
Our websites and services are not directed to children and we do not
knowingly collect personal information from children on our websites. Children
are prohibited from using our websites.
Certain Aon solution lines may process
personal information related to children, such as their date of birth, address,
and other identifiable information. This personal information is not collected
directly from children, but from other parties such as from our client, or
directly from you as the parent or guardian of the child (e.g., so that
children canenjoy specific benefits offered by your
employer).
6. How long do we retain your personal
information?
How long we retain your personal
information depends on the purpose for which it was obtained and its nature. We
will keep your personal information for the period necessary to fulfil the
purposes described in this Statement unless a longer retention period is
permitted or required by law and in accordance with the Aon Record Retention
Policy. Your personal information will be securely destroyed when it is no
longer required.
7. How do we disclose your personal
information?
We generally share your personal
information with the following categories of recipients where necessary to
offer, administer and manage the services provided to you:
a. |
Within Aon: we may share your personal
information with other Aon entities, brands, divisions, and subsidiaries for
the processing purposes outlined in this Statement; |
b. |
Legal advisers and claims investigators, where necessary to investigate,
exercise or defend legal claims or other claims of a similar nature; |
c. |
Law enforcement bodies, when required to do so by law,
legal process, statute, rule, regulation, or professional standard, or to
respond to a subpoena, search warrant, or other legal request, and where
necessary to facilitate the prevention or detection of crime or the apprehension
or prosecution of offenders; |
d. |
Public authorities, regulators and
government bodies, where
necessary for us to comply with our legal and regulatory obligations, or in
connection with an investigation of suspected or actual illegal activity; |
e. |
Third-party suppliers, where we outsource our processing
operations to suppliers that process personal information on our behalf.
Examples include IT service providers who manage our IT and back office
systems and telecommunications networks, and contact center providers. These
processing operations shall remain under our control and will be carried out
in accordance with our security standards and strict instructions; |
f. |
Successors of the business, where Aon or the services are sold
to, acquired by or merged with another organization, in whole or in part, and
personal information needs to be shared with relevant third parties as part
of due diligence processes and transfers to the new entity. Where personal
information is shared in these circumstances it will shared in accordance
with this Statement; and |
g. |
Internal and external auditors where necessary for the conduct of
company audits or to investigate a complaint or security threat. |
8. Do we transfer your personal information
across geographies?
We are a global organization and in certain
scenarios, we may transfer certain personal information across geographical
borders in accordance with applicable law.
When we do, we may notify
you separately and obtain your separate consent. If the applicable law requires that we use a variety of legal mechanisms to
help ensure your rights and protections travel with your data, we will strictly comply with such requirements in order to protect the
security of your personal information, such as:
- Completion of the Data Cross-border Transfer Security Assessment in
accordance with the requirements of the Cyberspace Administration of China
(“China CAC”).
- We ensure transfers between Aon entities are covered
by agreements that incorporate prescribed contractual wording, such as the
standard contract in relation to cross-border transfer issued by China
CAC, which contractually oblige each party to ensure that personal
information receives an adequate and consistent level of protection.
- Where we transfer to or receive your personal
information from third parties who help provide our products and services,
we obtain contractual commitments from them to protect your personal
information, which incorporate standard contractual clauses where
required.
- Where we receive requests for information from law
enforcement or regulators, we carefully validate these requests before any
personal information is disclosed.
Where required, further information
concerning these safeguards can be obtained by contacting us.
9. Do we have security measures in place to
protect your personal information?
The security of your personal information
is important to us and Aon has implemented reasonable physical, technical and
administrative security standards in an effort to protect personal information
from loss, unauthorized access, misuse, alteration or destruction and to ensure
that such information is processed in accordance with applicable data privacy
laws.
10. Other rights regarding your personal
information
Subject to certain exemptions and the
jurisdiction in which you live, and in some cases dependent upon the processing
activity we are undertaking, you may have certain rights in relation to your
personal information. We have listed some of the common rights that may be
applicable below. When you exercise these rights, we may need to ask you for
additional information to confirm your identity, before disclosing information
to you or responding to your request. We will not charge a fee unless your
request is manifestly unfounded or excessive and/or we are permitted by law to
levy such charges.
You can exercise your rights by contacting
us. Subject to legal and other permissible considerations, we will make every
reasonable effort to honor your request promptly or inform you if we require
further information in order to fulfill your request. We may not always be able
to fully address your request, for example if it would impact the duty of
confidentiality we owe to others, or if we are legally entitled to deal with
the request in a different way. If we cannot fully address your request, we will
contact you to let you know and explain the reason why your request was denied.
Right to Access
You have the right under certain circumstances to access and inspect personal
information which Aon holds about you. If you have created a profile, you can
access that information by visiting your account.
Right to Correction
You may have the right to request us to correct your personal information where
it is inaccurate or out of date.
Right to be Forgotten (Right to Delete)
You have the right under certain circumstances to have your personal
information erased. Your personal information will be erased if your personal
information is no longer necessary for the purpose for which it was collected,
and we have no other legal ground for processing the personal information.
Right to Restrict Processing
You have the right under certain circumstances to request the restriction of
your personal information from further use, e.g., where the accuracy of the
information is disputed, and you request that the information not be used until
its accuracy is confirmed.
Right to Transfer (Data Portability)
You have the right under certain circumstances to personal information
transfer, which requires us to provide personal information to you or another
personal information handler in a commonly used, machine readable format, but
only where the processing of that information is based on (i) consent; or (ii)
the performance of a contract to which you are a party.
Right to withdraw consent
You have the right to withdraw your consent regarding the Handling of your
personal information (including but not limited to the handling of your
personal information for automatic decision making and direct marketing). Your
withdrawal of consent will prevent us from continuing to provide you with the
corresponding services. However, your decision to withdraw your consent will
not affect the Handling of personal information previously carried out on the
basis of your consent.
Right to Decline Automated Decision Making
You have the right to object to decisions involving the use of your personal
information, which have been taken solely by automated means. See section
eleven (11) below for further information.
Right to Object to Direct Marketing
Where your personal information is processed for direct marketing purposes, you
shall have the right to object at any time to processing of personal
information concerning him or her for such marketing. We will provide specific
information on how to opt-out from our marketing initiatives through the medium
we communicate with you.
11. Automated Decisions
Where you apply or register to receive the
service we may carry out a real-time automated assessment to determine whether
you are eligible to receive the service. An automated assessment is an
assessment carried out automatically using technological means (e.g., computer
systems) without human involvement. This assessment will analyse your personal
information and comprise several checks, e.g., credit history and bankruptcy
check, validation of your driving licence and motoring convictions, validation
of your previous claims history and other fraud prevention checks. Where your
application to receive the service does not appear to meet the eligible
criteria, it may be automatically refused, and you will receive notification of
this during the application process. However, where a decision is taken solely
by automated means involving the use of your personal information, you have the
right to challenge the decision and ask us to reconsider the matter, with human
intervention. If you wish to exercise this right, you should contact us.
12. Contact Us
If you have any questions, would like
further information about our privacy and personal information handling practices, would like
to discuss opt-outs or withdrawing consent, or would like to make a complaint
about this Statement, please contact us:
Shanghai Central Plaza, 38/F
Shanghai, 200020
China
Email: cn.privacy@aon.com.cn
13. Changes to this Statement
We may update this Statement from time to
time. When we do, we will post the current version on this site, and we will
revise the version date located at the bottom of this page.
We encourage you to periodically review
this Statement so that you will be aware of our privacy practices.
This Statement was last updated in January 2025.