Information on Aon’s processing of your personal data
We protect your personal data
Your employer is working with Aon to provide you with the best possible insurance and/or pension arrangements. To that end, Aon may need to process your personal data, as received either from you directly, from your employer, or from an insurance carrier/pension provider. Protecting and respecting your privacy is very important to Aon. This letter provides information about the steps we take to process your personal data safely, securely, and lawfully.
Aon is responsible for the personal information we process
Aon Norway AS acts as data controller in relation to the personal data we process when we deliver services as an insurance and/or pension advisor and broker. This means that we may collect, store, process, delete, and if necessary, disclose your personal data to a third party or in other ways process your personal data, when this is necessary in order to provide our services in the best possible way.
What types of personal data do we process and to what purpose?
Depending on what services our agreement with your employer includes, Aon may collect and process the following data about you, all to provide you and your employer with the best possible services and advise:
- If you are designated as your employer’s contact person towards Aon, we may process your name, contact information and position, and, provided that our services include life and or pension insurance, we may also process personal ID number and passport information.
- If you are a member of a personal insurance and pension arrangements which we are arranging for your employer we may process your name, contact information, position, personal ID number, information regarding salary and other compensation, family relations and on whether you are an early retiree.
- As regards travel insurance we may process information about your name, date of birth, passport or visa, and travel information in case you need verification of insurance coverage for a specific country or area.
- If you are receiving insurance services from Aon as a stationed or expatriate employee, we may process the following personal information regarding both yourself and family members: Name, contact information, family relations, and personal ID number. If you are the one providing us with the personal information of the members of your family, please make sure that they are made aware of our processing of their personal information and that they receive a copy of this letter.
- In case of Aon assisting in an insurance claim, we may additionally need to process data regarding your health and injury status.
Legal basis for data processing
Aon's processing of the above-mentioned personal data is based on the following legal basis:
- Our legitimate interest in providing you and your employer with the best possible advice as regards insurance and pension services, including fulfilling our agreement with your employer,
- specifically, as regards personal ID numbers, when necessary to provide us with your unique identification,
- as regards health or injury information, to the degree they are necessary to establish, claim or defend your own, your employers or Aon’s legal rights,
- to maintain our obligations pursuant to applicable law, e.g., the Bookkeeping Act, the Anti-Money Laundering Act and the Sanctions Act.
Disclosing personal information to third parties
The lawful and transparent processing of your personal information is very important to Aon. We will not sell, publish or in any way disclose information to a third party without your consent, unless it is necessary to fulfil an agreement with you, your employer or to ensure compliance with applicable Swedish law. We will not use your personal information for any other purposes than those described in this notice.
It may be necessary to disclose your personal information to selected and trusted partners to provide you with our services and advice. We will for example disclose information insurance companies in connection with establishment and adjustment of your insurance scheme. It may also be necessary to pass on your personal information to Aon's group companies in order to provide our services and advice to you. You can find a list of our Aon companies here.
It is our responsibility to ensure that your personal information is not unnecessarily processed or abused. We therefore place heavy demands on our partners when your personal information is used outside Aon and ensure that our partners guarantee that your personal information is duly protected.
In connection with IT development, hosting and support, personal information may be transferred to data processors, including data processors in the United Kingdom which the EU Commission has approved as a secure third country.
Secure processing of your personal information
Aon is obliged to protect your personal information. We use technical and organizational measures to protect ourselves against unauthorized access, the use and destruction of, changes to, or publication of your personal information. To ensure data security and integrity, we have limited the number of people with access to your personal information to a strict need-to-have basis.
Furthermore, all Aon employees must observe internal procedures and rules regarding the processing of personal information and are obliged to attend training on the secure processing of personal information.
Deletion of your personal information
We will delete your personal information ten years after the end of the year in which we received it, and we no longer need to document the advice we have provided you. Identity and transaction information will be saved for at least five years according to the Book-keeping Act and the Anti-Money Laundering Act.
Your rights
You have the right to receive information regarding the processing of your personal data as well as a copy of the personal information that we process about you. If you become aware that the personal information, we process about you is inaccurate or incomplete, you have the right to have it corrected.
You also have the right to object to our processing of your personal information and request it is deleted, or restricted.
If your request is justified, we will correct, delete, or restrict the processing of your personal information accordingly. We reserve the right to require from you verification of your identity before we respond to your request.
You also have the right to lodge a complaint about Aon’s processing of your personal data with the supervisory authority of Norway, Datatilsynet. Your complaint should be sent to: Datatilsynet, P.O. Box 8177, 0034 Oslo or by e-mail: [email protected]. +47 22 39 69 00.
For more information
If you want to know more or if you wish to exercise your rights described above, please contact our Data Protection Officer (DPO) by writing to [email protected].
Last updated 16 February 2024.