Norway

 

Information on Aon’s processing of your personal data

 

 

We protect your personal data
Your employer is working with Aon to provide the best possible insurance arrangements. To that end, Aon may need to process your personal data, as received either from you directly, your employer, or from an insurance carrier. Protecting and respecting your privacy is very important to Aon. This letter provides information about the steps we take to process your personal data safely, securely, and lawfully.

Aon is responsible for the personal information we process
Aon Norway AS acts as data controller in relation to the personal data we process when we deliver services as an insurance advisor and broker. This means that we may collect, store, process, delete, and if necessary, disclose your personal data to a third party or in other ways process your personal data, when this is necessary in order to provide our services in the best possible way.

What types of personal data do we process and to what purpose?
Depending on what risk insurance and services our agreement with your employer includes, Aon may collect and process the following data about you, all to provide you and your employer with the best possible services and advice:

  • If you are designated as your employer’s contact person towards Aon, we may process your name, contact information and position.
  • As regards auto insurance we may, in case your employer provides you with a car, also process information about that car (license plates, type of car and model year, yearly vehicle license fee, owner and/or leasing company).
  • In case Aon is assisting with an insurance claim, we may additionally need to process data regarding your health/injury.
 

Legal basis for processing
Aon's processing of the above-mentioned personal data is based on the following legal basis:

  1. Our legitimate interest in providing you and your employer with the best possible advice as regards insurance services, including fulfilling our agreement with your employer,
  2. Specifically, as regards personal ID numbers, when necessary to provide us with your unique identification,
  3. as regards health or injury information, to the degree they are necessary to establish, claim or defend your own, your employers or Aon’s legal rights, and
  4. to maintain our obligations pursuant to applicable law, e.g., the Sanctions Act, the Bookkeeping Act, and the Anti-Money Laundering Act.
 

Disclosing personal data to third parties
Aon will process your personal data in a correct and secure way. We neither sell, publish nor in any other way disclose your data to a third party without your consent, unless necessary to either fulfill an agreement with you or your employer, or to ensure compliance with applicable Norwegian law. Aon will not use your personal data for any other purposes than those described in this document.

It may be necessary for us to disclose your data to affiliates, subsidiaries (a complete list of our affiliated companies is available here) and some selected, trusted partners in order to be able to provide you and/or your employer with our service and advice. Such partners include insurance carriers, and other third parties that may use your personal data for the purpose of establish or adjust insurance schemes that you are a member of or covered by.

It is our responsibility to ensure that your personal data is not misused. We therefore place strict requirements on our partners when your personal data is processed outside Aon. We always demand our partners guarantee that your personal data is handled correctly and duly protected.

In connection with IT development, hosting and support, personal information may be transferred to data processors, including data processors in the United Kingdom which the EU Commission has approved as a secure third country.

Secure processing of your personal information
Aon is obliged to protect your personal information. We use technical and organizational measures to protect ourselves against unauthorized access, the use and destruction of, changes to, or publication of your personal information. To ensure data security and integrity, we have limited the number of people with access to your personal information to a strict need-to-have basis.

Furthermore, all Aon employees must observe internal procedures and rules regarding the processing of personal information and are obliged to attend training on the secure processing of personal information.

Deletion of Personal Data
We will delete your personal information ten years after the end of the year in which we received it, and we no longer need to document the advice we have provided you. Identity and transaction information will be saved for at least five years according to the Book-keeping Act and the Anti-Money Laundering Act.

Your rights
You have the right to receive information regarding the processing of your personal data as well as a copy of the personal information that we process about you. If you become aware that the personal information, we process about you is inaccurate or incomplete, you have the right to have it corrected.

You also have the right to object to our processing of your personal information and request it is deleted, or restricted.

If your request is justified, we will correct, delete, or restrict the processing of your personal information accordingly. We reserve the right to require from you verification of your identity before we respond to your request.

You also have the right to lodge a complaint about Aon’s processing of your personal data with the supervisory authority of Norway, Datatilsynet. Your complaint should be sent to: Datatilsynet, P.O. Box 8177, 0034 Oslo or by e-mail: [email protected]. +47 22 39 69 00.

For more information
If you want to know more or if you wish to exercise your rights described above, please contact our Data Protection Officer (DPO) by writing to [email protected].

 

Last updated 16 February 2024.