Privacy Notice

1. Introduction

This Privacy Notice (“Notice”) explains how Aon UK Limited and Aon Belgium BV and its affiliated companies and subsidiaries (“Aon”) makes use of the personal information collected about you in connection with the services provided to you. Please take your time to read this Notice carefully. When using our website www.aondigital.com/en-gb, this Notice should be read alongside the website terms and conditions. Throughout this Notice Aon may be referred to as "we", "us", "our" or “Aon”.

We are a company incorporated in England and Wales (registered number 0210725) and have our registered office at The Aon Centre, The Leadenhall Building, 122 Leadenhall Street, London, EC3V 4AN.

Aon Belgium BV is authorised and regulated in Belgium as an insurance intermediary by the Belgian Financial Services and Markets Authority (“FSMA”) under number 013982.

2. Collecting Your Information

2.1 The information we collect about you will depend on the products you are applying for and may include the following:

a. basic personal details, such as your name, email address current and previous home address, date of birth, age, gender and job title and marital status

b. demographic details, such as information about insurance requirements; including details of your home(s), possessions (including valuable articles), the security of your properties, details of any surveys, appraisals or valuations, details of your travel plans including countries to be visited and length of trips, details of your car, van, motorcycle or any other form of motor vehicles;

c. certifications and insurance details, such as existing and previous insurance policy details and claims history, as well as details of any criminal convictions not spent under the Rehabilitation of Offenders Act. This can also include Driving history, certifications and insurance details, such as driving license details, the period for which a license has been held, existing and previous insurance policy details, previous accident and claims history, details of any motoring convictions and details.;

d. financial details, such as payment card and bank account details and details of your credit history and bankruptcy status;

e. claims details, such as information about any claims concerning your insurance policy;

f. Education and professional experience data such as education and training history, names of previous employers, titles of previous job roles, degrees and qualification certifications;

g. Health information like medical records of you or any other members covered under the policy, which may be required for the purposes of underwriting or claims processing;

h. information captured on digital recordings of phone calls with you;

i. reviews captured if you respond to a customer survey, feedback form or questionnaire;

h. your marketing preferences

2.2 You are required to provide any personal information we reasonably require (in a form acceptable to us) to enable us to meet our obligations in connection with the services we provide to you, including any legal and regulatory obligations. Where you fail to provide or delay in providing information we reasonably require in order to fulfill these obligations, we may be unable to offer the services to you and/or we may terminate the services provided with immediate effect.

2.3. Where you provide personal information to Aon about third party individuals (e.g. information about your spouse, civil partner, child(ren), dependents or emergency contacts), where appropriate, you should provide these individuals with a copy of this Notice beforehand or ensure they are otherwise made aware of how their information will be used by Aon.

2.4 In addition to sourcing personal information from you directly, we may also collect personal information about you from other third parties, such as:

a. Your Employer

b. Insurance market participants such as insurance underwriters

c. Credit reference agencies

d. Anti-Fraud databases, sanctions list, court judgments and other databases and government agencies

e. Vetting and data validation agencies and other professional advisory service providers

f. In the event of a claim, third parties including the other party to the claim (claimant / defendant), witnesses, experts, loss adjusters, solicitors and claim handlers

In some instances, we automatically collect certain types of information when you visit our website(s) and through e-mails that we may exchange. Automated technologies may include the use of web server logs to collect IP addresses, "cookies" and web beacons. Further information about our use of cookies can be found in our Cookie Notice and Cookie Preference Center at the footer of our page (where applicable).

3. Processing Your Information

We will use the information we collect about you in connection with the Service for the following purposes:

3.1 Quotation/Inception:

a. Assess your application to receive the service, setting you up as a client, including customer due diligence, possible fraud, sanctions, credit, anti-money laundering and risk management agency checks

b. Evaluating the risks to be covered and matching to appropriate policy/ premium

c. Payment of premium where the insured/policyholder is an individual

3.2 Policy administration:

a. Client care, including communicating with you, sending you updates and manage the service provided to you

b. Payments to and from individuals

3.3 Claims Processing:

a. Managing insurance and claims

b. Investigating and settling claims or complaints in relation to insurance policies and / or service provided

c. Defending or prosecuting legal claims by facilitating the prevention, detection and investigation of crime and the apprehension or prosecution of offenders

d. Investigation or prosecuting fraud

e. Trace debtors and recover any outstanding debt in connection with the Service provided;

3.4 Renewals:

a. Contacting the insured/policyholder to renew the insurance policy

b. Evaluating the risks to be covered and matching to appropriate policy/ premium

c. Payment of premium where the insured/policyholder is an individual

3.5 Direct Marketing:

a. Conduct market research and canvass your views about the Service in order to develop and improve our products and service offerings generally

b. Updating you about the new products or services which may be beneficial or of interest to you

3.6 Other purposes outside of the insurance lifecycle but necessary for the provision of insurance throughout the insurance lifecycle period:

a. Complying with our legal or regulatory obligations

b. General risk modelling

c. Transferring books of business, company sales & reorganisations

d. offering you other products and services that may be of interest to you

4. Legal Grounds for Processing

We rely on the following legal grounds to collect and use your personal information:

a. Performance of the Service contract Where we offer the services or enter into a contract with you to provide the services, we will collect and use your personal information where necessary to enable us to take steps to offer you the services, process your acceptance of the offer and fulfil our obligations in the contract with you.

b. Legal and regulatory obligations The collection and use of some aspects of your personal information is necessary to enable us to meet our legal and regulatory obligations. For example, Aon is licensed and regulated by the Financial Conduct Authority (the “FCA”) and is required to provide the service in accordance with relevant regulatory rules.

c. Insurance purposes Except where we need to process special categories of data as part of the delivery of our services, we will not usually ask you for special categories of data (such as information relating to health) when you correspond with us. Depending on the nature of your correspondence with us, it is possible that you provide us with information that contains some special categories of personal data and which will therefore be included in the information that we collect or record. To the extent that we do process any special categories of data in this way, we do so under Article 9(2)(g) of the UK GDPR and Section 10(3) of the DPA 2018 (necessary for reasons of substantial public interest), in that it meets a condition in Part 2 of Schedule 1 of the DPA 2018 and we have an appropriate policy document covering this processing activity.

d. Preventing and detecting fraud We will use your personal information, including information relating to criminal convictions or alleged offences to prevent and detect fraud, other financial crime and crime generally in the insurance industry.

e. Legitimate interests The collection and use of some aspects of your personal information is necessary to enable us to pursue our legitimate commercial interests, e.g. to operate our business, particularly where we offer other products and services that may be of interest to you or conduct market research to improve our products and services generally. Where we rely on this legal basis to collect and use your personal information, we shall take appropriate steps to ensure the processing does not infringe the rights and freedoms conferred to you under the applicable data privacy laws.

f.Consent We rely on your consent to collect and use personal information concerning any criminal convictions or alleged offences, specifically for the purpose of assessing risks relating to your prospective or existing insurance policy. We may also share this information with other insurance market participants and third parties where necessary to offer, administer and manage the services provided to you, such as insurers and insurance underwriters, reinsurers, brokers and vetting agencies. Where we rely on your consent to collect and use your information, you are not obliged to provide your consent and you may choose to subsequently withdraw your consent at any stage once provided. However, where you refuse to provide information that we reasonably require to provide the services, we may be unable to offer you the services and/or we may terminate the services provided with immediate effect. Where you choose to receive the services from us you agree to the collection and use of your personal information in the way we describe in this section of the Notice. You also agree that such information may be collected and used for the above purpose by the insurance underwriter named in your insurance policy documentation. You should refer to the insurer’s privacy notice on their website for further information about their privacy practices.

5. Accuracy of Your Information

We rely on the availability of accurate personal information in order to provide the services to you and operate our business. You should therefore notify us of any changes to your personal information, particularly changes concerning your contact details, bank account details, insurance policy details or any other information that may affect the proper management and administration of your insurance policy and/or the services provided to you.

6. Recipients of Your Information

We generally share your personal information with the following categories of recipients where necessary to offer, administer and manage the services provided to you:

a. insurance market participants where necessary to offer, administer and manage the services provided to you, such as insurers and insurance underwriters, reinsurers, brokers, intermediaries and loss adjusters. The insurance underwriter is the insurer that is underwriting your insurance policy and is named in your policy documentation. You should refer to the insurer’s privacy notice on their website for further information about their privacy practices;

b. Vetting and risk management agencies, such as credit reference, criminal record, fraud prevention, data validation and other professional advisory agencies, where necessary to prevent and detect fraud in the insurance industry and take steps to assess the risk in relation to prospective or existing insurance policies and/or the Service. For example, we may check the Claims Underwriting Exchange Register to assess and/or validate your previous claims history.

c. Medical professionals, where you provide health information in connection with a claim against your insurance policy.

d.aw enforcement bodies, where necessary to facilitate the prevention or detection of crime or the apprehension or prosecution of offenders;

e. public authorities, regulators and government bodies, where necessary for us to comply with our legal and regulatory obligations;

f. third party suppliers, where we outsource our processing operations to suppliers that process personal information on our behalf. These processing operations shall remain under our control and will be carried out in accordance with our security standards and strict instructions; and

g. successors of the business, where Aon or the services are sold to, acquired by or merged with another organisation, in whole or in part. Where personal information is shared in these circumstances it will continue to be used in accordance with this Notice.

h. If you have a motor vehicle insurance policy, then we may also send your information to The Motor Insurers Bureau (the “MIB”), where necessary to validate your existing insurance cover. Your insurance policy details will also be added to the Motor Insurance Database maintained by the MIB and will be used by authorised bodies, such as the Police, Driving License Authority, the Insurance Fraud Bureau and other bodies permitted by law for purposes including, but not limited to: i. Electronic vehicle licensing; ii. Continuous insurance enforcement; iii. Law enforcement, including the prevention or detection of crime or the apprehension or prosecution of offenders; and iv. The provision of government services and/or other services aimed at reducing the level and incidence of uninsured driving.

7. Overseas Transfers of Your Information

7.1 We operate on a global and worldwide basis and we therefore reserve the right to transfer personal information about you to other countries, including without limitation to the United States, India and Poland, to be processed for the purposes outlined in the Notice. In particular, we may make such transfers to offer, administer and manage the services provided to you and improve the efficiency of our business operations. We shall endeavour to ensure that such transfers comply with all applicable data privacy laws and regulations and provide appropriate protection for the rights and freedoms conferred to individuals under such laws.

7.2 Where we collect personal information about you in the United Kingdom (the “UK”) or the European Economic Area (the “EEA”) we may transfer the information to countries outside the UK or EEA for the processing purposes outlined in this Notice. This may include transfers to countries that the European Commission (the “EC”) and UK data protection regulator consider provide adequate data privacy safeguards and to some countries that are not subject to an adequacy decision. Where we transfer personal information to countries that are not subject to an adequacy decision, we shall put in place appropriate safeguards, such as standard contractual clauses approved by the EC or UK data protection regulator, as appropriate. Where necessary, we may implement additional technical, organizational or contractual measures to ensure an adequate level of protection for your personal information. Where required, further information concerning these safeguards can be obtained by contacting us using the details set out in section 16.

8. Retention of Your Information

We retain appropriate records of your personal information to operate our business and comply with our legal and regulatory obligations. These records are retained for predefined retention periods that may extend beyond the period for which we provide the services to you. In most cases we shall retain your personal information for no longer than is required under the applicable laws. We have implemented appropriate measures to ensure your personal information is securely destroyed in a timely and consistent manner when no longer required.

9. Information Security

The security of your personal information is important to us and we have implemented appropriate security measures to protect the confidentiality, integrity and availability of the personal information we collect about you and to ensure that such information is processed in accordance with applicable data privacy laws.

10. Your Information Rights

10.1 You have the following rights under applicable data privacy laws in respect of any personal information we collect and use about you:

a. The right to access and inspect your personal information or be provided with a permanent copy of the information being held about you.

b. The right to request the correction of your personal information or in cases where the accuracy of information is disputed, to supplement the information to give notice that you dispute its accuracy.

c. The right to request the erasure of your personal information, particularly where the continued use of the information is no longer necessary.

d. The right to object to the use of your personal information, particularly where you feel there are no longer sufficient legitimate grounds for us to continue processing the information.

e. The right to object to the use of your personal information for direct marketing purposes. See section 11 below for further information.

f. The right to request the restriction of your personal information from further use, e.g. where the accuracy of the information is disputed and you request that the information not be used until its accuracy is confirmed.

g. The right to request that some aspects of your personal information be provided to you or a third party of your choice in electronic form to enable its reuse.

h. The right to object to decisions involving the use of your personal information, which have been taken solely by automated means. See section 12 below for further information.

i. The right to complain to the relevant data protection regulator about our processing of your personal information.

10.2 It is important to note, however, that some of the rights described above in section 10 can only be exercised in certain circumstances. If we are unable to fulfil a request from you to exercise one of your rights under applicable data privacy laws, we will write to you to explain the reason for our inability to do so. Where required, further information concerning these rights and their application can be obtained by contacting us using the details set out in section 15.

11. Direct Marketing

We will use your personal information to send you direct marketing about other products and services that we feel may be of interest to you. We will give you the opportunity to refuse direct marketing at the point that you apply or register to receive the services and on each occasion thereafter that you receive direct marketing communications from us. You can also change your marketing preferences at any stage by contacting us using the details set out in section 15. Please note that, even if you opt out of receiving direct marketing communications, we may still send you service-related communications where necessary.

12. Automated Decisions

Where you apply or register to receive the service, we may carry out a real-time automated assessment to determine whether you are eligible to receive the service. An automated assessment is an assessment carried out automatically using technological means (e.g. computer systems) without human involvement. This assessment will analyse your personal information and comprise a number of checks, e.g. credit history and bankruptcy check, validation of your driving licence and motoring convictions, validation of your previous claims history and other fraud prevention checks. Where your application to receive the service does not appear to meet the eligible criteria, it may be automatically refused, and you will receive notification of this during the application process. However, where a decision is taken solely by automated means involving the use of your personal information, you have the right to challenge the decision and ask us to reconsider the matter, with human intervention. If you wish to exercise this right, you should contact us using the details set out in section 15.

13. Recording and monitoring of communications

We may digitally record and monitor phone calls with you for the purposes of:

a. investigating and settling claims or complaints in relation to insurance policies and/or the related services provided;

b. fulfilling legal and regulatory obligations and monitoring compliance with the same; and

c. providing improved quality of service delivery and training to our staff. Copies of any such recordings will be stored for a period of six years, or such other longer period as we may determine from time to time in accordance with section 8.

14. Complaints

If you wish to make a complaint about the way we use your personal information you should raise this with us by contacting us in the first instance. Post: Aon UK Limited, Central Complaints Team, Briarcliff House, Kingsmead, Farnborough, GU14 7TE Phone: 01252 768662 E-mail: [email protected] However, if you are not satisfied with the way we have handled your complaint you have the right to raise the matter with the relevant data protection regulator. England Information Commissioner's Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF Email: [email protected]

Scotland Information Commissioner's Office 45 Melville Street Edinburgh EH3 7HL Email: [email protected] Wales

Information Commissioner's Office 2nd floor Churchill House Churchill Way Cardiff CF10 2HH Email: [email protected] Northern Ireland Information Commissioner's Office 3rd Floor 14 Cromac Place Belfast BT7 2JB Email: [email protected]

15. Contact Information

If you have any questions about the content of this Notice or the rights conferred to you under the applicable data privacy laws, you should contact us at the following address: Global Data Privacy Office The Aon Centre The Leadenhall Building 122 Leadenhall Street London EC3V 4AN Email: [email protected]

16. Changes to this Notice

This Notice is not contractual, and Aon reserves the right to reasonably amend it from time to time to ensure it continues to accurately reflect the way that we collect and use personal information about you. Any updates or changes to this Notice will be made available to you. You should periodically review this Notice to ensure you understand how we collect and use your personal information. This Notice was last updated on December 15, 2023