Privacy Notice

 

1. Introduction

This Privacy Notice ("Notice") explains how the Talent Solutions and Performance & Analytics Practice at Aon including its affiliated companies and subsidiaries makes use of the personal information collected about you in connection with our services. Throughout this Notice, Aon may be referred to as “we”, “us”, “our” or “Aon”.

1.2 We reserve the right to: (i) refuse or delay access; (ii) organize, remove or add content posted to the Site; and (iii) perform maintenance and administration of the Site. Notwithstanding our right to supervise and control the Site and all content thereon, including, without limitation, those specific actions set out above, we assume no obligation to perform such duties.

The Talent Solutions and Performance & Analytics Practice at Aon (which delivers products and services under Aon, McLagan, and Radford – collectively known as “Talent Solutions and Performance & Analytics Practice”), is a professional services unit within Aon providing a broad range of compensation benchmarking, analytics, and advisory services.

The Talent Solutions and Performance & Analytics Practice is committed to protecting your privacy. This commitment reflects the value we place on earning and keeping the trust of our clients, business partners, and others who share their personal information with us.

2. Collecting Your Information

The personal information we collect varies depending upon the nature of our services. Where we collect sensitive personal information (such as special category data), this information is only collected where strictly relevant to the services we provide and is carried out in accordance with applicable law.

2.1 The information we collect about you may include the following:

a. demographic information related to the business performance and operations of our client companies, including, but not limited to, financial metrics, global headcount, global employee distribution and/or locations, and organizational structures/reporting relationships.

b. demographic information related to the employees of our client companies, including, but not limited to, basic personal details, age, gender, education, professional experience, job title, job role, basic HR details, and individual performance levels.

c. compensation information related to the operations of our client companies, including, but not limited to, plan documents, pay structures/ranges and plan design, eligibility, and metrics.

d. other relevant information that may be needed to deliver our services, such as occupation, language, zip code, area code, location, and the time zone in relation to the employees of our client companies.

e. compensation information related to the employees of our client companies, including, but not limited to, base salaries, allowances, bonuses, and long-term cash and equity incentives.

f. marketing and communications preferences: such as interests and preferred language.

g. online information such as computer, device, and connection information (e.g., IP address, browser type, location, operating system, unique device identifier), usage data collected when visiting our websites (e.g., email address, page views, user interactions, timing and location (e.g., city, region, country).

h. events information such as information about your interest in and attendance at our events, including provision of feedback forms.

i. background checking information such as inclusion on a sanctions list or a public list of disqualified directors, the existence of previous or alleged criminal offences, or confirmation of clean criminal records, information in relation to politically exposed persons ("PEPs").

j. account login credentials such as username and password, password hints and security information related to a service we provide.

k. comments, feedback, or other information provided to us: such as social media interactions with our social media presence, comments provided on feedback forms or surveys and questions or information sent to our support services.

2.2 We ask you to provide any personal information we reasonably require (in a form acceptable to us) to meet our obligations in connection with the services we provide to you, including any legal and regulatory obligations. Should you wish not to provide or delay in providing such necessary information to us, we reasonably require to fulfil these obligations, we may be unable to offer the services to you and/or we may terminate the services if not possible to fulfil the services without the respective information.

2.3 Where you provide personal information to Aon about third party individuals (e.g., information about your employees), where appropriate, you should provide these individuals with a copy of this Notice beforehand or ensure they are otherwise made aware of how their information will be used by Aon for the purposes of the services.

2.4 In addition we may also collect personal information about you from other third parties, such as your employer, government bodies, and other professional advisory service providers. This information may be sourced prior to and while providing the services

3. Processing Your Information

3.1 We will use the information we collect about you in connection with the services to:

a. process personal information which our client companies provided to us to perform our Talent Solutions and Performance & Analytics Practice services. This may impact you, for example, where you are the employee of our client companies. The precise purposes for which your personal information is processed will be determined by the scope and specification of our client engagement, and by applicable laws, regulatory guidance, and professional standards. It is the obligation of our client companies to ensure that you understand that your personal information will be disclosed to the Talent Solutions and Performance & Analytics Practice at Aon as outlined in this Notice.

b. perform services for our client companies and to administer our engagements with them including carrying out communications, billing and associated administrative tasks.

c. complete client projects and to secure client feedback on the services provided and to manage client complaints and requests related to the services provided.

d. to contact our prospects and clients in relation to current, future, and proposed engagements and to offer other products and services that may be of interest to them.

e. send our prospects and clients newsletters, know-how, promotional material such as white papers, case studies, and social media content other marketing communications and to invite them to events and arrange and administer those events.

f. fulfil legal and regulatory obligations and monitor compliance with the same.

g. facilitate the prevention, detection and investigation of crime and the apprehension or prosecution of offenders.

h. transfer books of business to successors of the business in the event of a sale or reorganisation; including the planning and due diligence purposes both prior to closing and after a transaction has closed.

i. conduct market research and canvass your views about the services to develop and improve our products and service offerings generally.

j. gather activities or usage data of our websites, mobile applications or through our services for the purposes of usage analysis.

k. perform analytics and to analyse trends in order to develop and improve our products and services generally. In this regard, we are an innovative business, which relies on developing sophisticated products and services by drawing on our experience from prior engagements. We are not concerned with an analysis of identifiable individuals, and we take steps to ensure that individuals’ rights and the legitimacy of our activities are ensured using aggregated or otherwise de-identified data.

If we wish to use your personal information for a purpose which is not compatible with the purpose for which it was collected for, we will generally request your consent. In all cases, we balance our legal use of personal information with the individual’s interests, rights, and freedoms in accordance with applicable laws and regulations to make sure that personal information is not subject to unnecessary risk.

4. Legal Grounds for Processing

We rely on the following legal grounds to collect and use your personal information:

a. Performance of the service contract Where we offer the services or enter into a contract with you to provide the services, we will collect and use your personal information where necessary to enable us to take steps to offer you the services, process your acceptance of the offer and fulfil our obligations in the contract with you, , especially for the processing activities set out in sections 3(a) and 3(b) of this Notice.
b. Legal and regulatory obligations The collection and use of some aspects of your personal information is necessary to enable us to meet our legal and regulatory obligations particularly for the processing activities set out in sections 3 (f) and (g) of this Notice. For example, where we are required to collect certain information about our client companies for tax or accounting purposes, or where we are required to make disclosures to courts or regulators.
c. Legitimate interests The collection and use of some aspects of your personal information is necessary to enable us to pursue our legitimate commercial interests, e.g. to operate our business, particularly where we offer other products and services that may be of interest to you or conduct market research to improve our products and services generally including for the processing activities set out in sections 3(c), (d), (e), (h), (i), (j) and (k) of this Notice. Where we rely on this legal basis to collect and use your personal information, we shall take appropriate steps to ensure the processing does not infringe the rights and freedoms conferred to you under the applicable data privacy laws.
d. Preventing and detecting fraud We will use your personal information, including information relating to criminal convictions or alleged offences to prevent and detect fraud, other financial crime, and crime generally particularly for the processing activities set out in section 3 (g) of this Notice.
e. Consent Where we offer the services or enter into a contract with you to provide the services, we will collect and use your personal information where necessary to enable us to take steps to offer you the services, process your acceptance of the offer and fulfil our obligations in the contract with you, , especially for the processing activities set out in sections 3(a) and 3(b) of this Notice.
a. Performance of the service contract Where we rely on your consent to collect and use your information, you are not obliged to provide your consent and you may choose to subsequently withdraw your consent at any stage once provided. However, should you wish not to provide such necessary information that we reasonably require to provide the services, we may be unable to offer you the services and/or we may terminate the services provided if not possible to fulfil the services without the respective information.

5. Accuracy of Your Information

We rely on the availability of accurate personal information to provide the services to you and operate our business. You should therefore notify us of any changes to your personal information, particularly changes concerning client companies including contact details, bank account details or any other information that may affect the proper management and administration of the services provided to you.

6. Recipients of Your Information

We generally share your personal information with the following categories of recipients where necessary to offer, administer and manage the services provided to you:

a. within Aon, we may share your personal information with other Aon entities, brands, divisions, and subsidiaries for the processing purposes outlined in this Notice.

b. legal advisers, where necessary to investigate, exercise or defend legal claims, or other claims of a similar nature.

c. law enforcement bodies, where necessary to facilitate the prevention or detection of crime or the apprehension or prosecution of offenders.

d. public authorities, regulators, and government bodies, where necessary for us to comply with our legal and regulatory obligations.

e. third party suppliers, where we outsource our processing operations to suppliers that process personal information on our behalf. These processing operations shall remain under our control and will be carried out in accordance with our security standards and strict instructions.

f. successors of the business, where Aon or the services are sold to, acquired by, or merged with another organisation, in whole or in part. Where personal information is shared in these circumstances, it will continue to be used in accordance with this Notice.

g. business partners: such as joint venture entities, sponsors and/or other third-party business partners who collaborate or co-operate with Aon on projects, events, products, or services. You should refer to their privacy notices for more information about their privacy practices.;

h. internal and external auditors,: where necessary for the conduct of company audits or to investigate a complaint or security threat.

i. Marketing and/or Data analytics companies where you have consented via our OneTrust Cookie preference centre to allow tracking and advertising cookies to be dropped on your browser.

6.1 We do not rent, sell, or otherwise disclose personal information with unaffiliated third parties for their own marketing use. We do not share your personal information with third parties except in the following circumstances outlined above. These third parties appropriately safeguard your personal information, and their activities are limited to the purposes for which your personal information was provided.

7. Overseas Transfers of Your Information

7.1 We operate on a global and worldwide basis, and we therefore reserve the right to transfer personal information about you to other countries, including without limitation United Sates of America, United Kingdom, and India to be processed for the purposes outlined in the Notice. In particular, we may make such transfers to offer, administer and manage the services provided to you and improve the efficiency of our business operations. We shall ensure that such transfers comply with all applicable data privacy laws and regulations and provide appropriate protection for the rights and freedoms conferred to individuals under such laws..

7.2 Where we collect personal information about you in the UK or the European Economic Area (the "EEA") we may transfer the information to countries outside the UK or EEA for the processing purposes outlined in this Notice. This may include transfers to countries that the European Commission (the "EC") and UK data protection regulator consider providing adequate data privacy safeguards and to some countries that are not subject to an adequacy decision. Aon has an intra-group data transfer agreement in place which regulates cross-border transfers of your personal information within the Aon Group, and which incorporates the UK and EU standard contractual clauses approved by the EC and UK data protection regulator. Where we transfer personal information to third parties located in countries that are not subject to an adequacy decision we shall put in place appropriate safeguards, such as the aforementioned data transfer agreements approved by the EC or UK data protection regulator, as appropriate. Where necessary, we may implement additional technical, organizational, or contractual measures to ensure an adequate level of protection for your personal information. Where required, further information concerning these safeguards can be obtained by contacting us.

8. Retention of Your Information

We retain appropriate records of your personal information to operate our business and comply with our legal and regulatory obligations. These records are retained for predefined retention periods that may extend beyond the period for which we provide the services to you. In most cases we shall retain your personal information for no longer than is required under the applicable laws. We have implemented appropriate measures to ensure your personal information is securely destroyed in a timely and consistent manner when no longer required.

9. Information Security

The security of your personal information is important to us, and we have implemented appropriate security measures to protect the confidentiality, integrity and availability of the personal information we collect about you and ensure that such information is processed in accordance with applicable data privacy laws.

10. Your Information Rights

10.1 You have the following rights under applicable data privacy laws in respect of any personal information we collect and use about you:

a. The right to access and inspect your personal information or be provided with a permanent copy of the information being held about you.

b. The right to request the correction of your personal information or in cases where the accuracy of information is disputed, to supplement the information to give notice that you dispute its accuracy.

c. The right to request the erasure of your personal information, particularly where the continued use of the information is no longer necessary.

d. The right to object to the use of your personal information, particularly where you feel there are no longer sufficient legitimate grounds for us to continue processing the information.

e. The right to object to the use of your personal information for direct marketing purposes. See section eleven (11) below for further information.

f. The right to request the restriction of your personal information from further use, e.g., where the accuracy of the information is disputed and you request that the information not be used until its accuracy is confirmed.

g. The right to request that some aspects of your personal information be provided to you or a third party of your choice in electronic form to enable its reuse.

h. Right to lodge a complaint with the regulator: a right to complain to the relevant data protection regulator about our processing of your personal information

I. The right to withdraw consent at any time, whenever we have asked for your consent for processing your personal information without affecting the lawfulness of processing based on consent before its withdrawal. See section four (4)(d) above for further information.

j. The right to complain to the relevant data protection regulator about our processing of your personal information.

10.2 It is important to note, however, that some of the rights described above in section 10.1 can only be exercised in certain circumstances. If we are unable to fulfil a request from you to exercise one of your rights under applicable data privacy laws, we will write to you to explain the reason for refusal (e.g., for compliance with a legal obligation, for the establishment, exercise or defence of legal claims or legal exemptions). Where required, further information concerning these rights and their application can be obtained by contacting us.

10.3
Global Privacy Control (GPC) Signal.
Under the CCPA (California Consumer Privacy Act) and other applicable laws, you have the right to opt out of the use of your personal information for targeted advertising purposes. To communicate your desire to opt-out, you may configure your browser to send the Global Privacy Control ("GPC") signal, which will transmit your opt-out request to Aon automatically.
To turn on the GPC signal, you can download one of the supported browsers or extensions. You may visit https://globalprivacycontrol.org/#download for a list of the available browsers or extensions.

11. Direct Marketing

We will use your personal information to send you direct marketing about other products and services that we feel may be of interest to you. Your personal information will only be used for direct marketing in accordance with applicable laws and regulations. We will always give you the opportunity to refuse direct marketing when you receive direct marketing communications from us (usually in the form of an " Unsubscribe link"). You can also change your marketing preferences at any stage by contacting us via Aon Global Preference Center. Please note that, even if you opt out of receiving direct marketing communications, we may still send you service-related communications where necessary.

Aon may conduct targeted advertising as described in this Notice and in particular at “Information we automatically collect” based on your visits to our website. “Cookies” and similar data collection tools placed on your browser in accordance with our Cookies Notice and Preference Center may result in the display of Aon advertisements when you visit a third-party website. Where your personal information is processed for direct or targeted marketing purposes, you shall have the right to object at any time to processing of personal information. You may opt out of targeted advertising related to this website at any time by clicking “Do Not Sell or Share My Personal Information” in the footer on this website.

12. Cookies

Our websites may utilise cookies to ensure that basic functionality of our site is maintained and tracking technologies (such as web beacons, gif or pixel tags)for analytics purposes. We may also want to set either first- or third-party optional cookies to improve the experience on our websites. To view the categories of cookies on each of our websites, please utilise our OneTrust Cookie Preference Center, which may be found as a footer of our websites and/or when you first visit our websites. We ensure that our use of cookies is in line with local legal and regulatory requirements, and as such have ensured that the behaviour and appearance of our Cookie Preference Center is based on the geolocation of your IP address.

13. Complaints

If you wish to make a complaint about the way, we use your personal information you should raise this with us by contacting us in the first instance:

Aon Global Privacy Office
Aon plc
200 E. Randolph
Chicago
Illinois 60601
United States of America
Email: privacy@aon.com.

However, if you are not satisfied with the way we have handled your complaint you have the right to raise the matter with the relevant data protection regulator in your country.

14. Changes to this Notice

This Notice is not contractual, and Aon reserves the right to reasonably amend it from time to time to ensure it continues to accurately reflect the way that we collect and use personal information about you. Any updates or changes to this Notice will be made available to you. You should periodically review this Notice to ensure you understand how we collect and use your personal information.

15. Country specific privacy notice

Aon, including its affiliated companies and subsidiaries, recognizes that as the landscape of data privacy regulations evolves, there may be additional policy notices pertinent to your location. For more information about how Aon collects, discloses, and shares sensitive personal information of specific US state residents, please reference the Privacy Notice for US Locations available here. All other applicable location-specific notices will also be accessible when you click on this link.

16. Contact Information

If you have any questions about the content of this Notice or the rights conferred to you under the applicable data privacy laws, you should contact the Data Protection Officer via the Global Privacy Office at the following address:

Aon Global Privacy Office
Aon plc
200 E. Randolph
Chicago
Illinois 60601
United States of America
Email: privacy@aon.com.

This Notice was last updated on 2nd January 2025