Aon Privacy Notice

Aon is a leading global professional services firm providing a broad range of risk, retirement, and health solutions. Aon is committed to protecting your privacy. This commitment reflects the value we place on earning and keeping the trust of our customers, business partners, and others who share their personal information with us.

What does this Privacy Notice do?

This Privacy Notice ("Notice") explains Aon’s information data processing practices, namely our talent services. This includes our assessment and feedback systems.

Who are we?

Throughout this Notice, “Aon” refers to Aon Assessment GmbH, as well as its affiliated companies and subsidiaries (also referred to as "we", "us", or "our"). You can contact us regarding information contained within this Privacy Notice and the associated services: Aon Assessment GmbH Großer Burstah 18-32 20457 Hamburg Germany +49-40-3250 389-900 gdpr.assessment@aon.com Our Data Protection Officer can be contacted using these same details.

Who is responsible for your information?

As Aon typically acts as a Processor for your personal data (we only process it on instruction), our customers are primarily responsible for decisions about your personal data. This makes them the Controller. Your Controller is therefore the entity for whom you complete this questionnaire. You can also contact them directly regarding questions about your personal data.

When and how do we collect your information?

We collect your personal data from you directly whilst you use our services.

What information do we collect?

We collect specific personal data to provide our talent services on this site:

  • Technical Information (e.g., public IP address, time and date of access, activities, browser settings, device information, cookies). This information is used to ensure the successful technical provision of the site to your device.

Please note that we do not sell your personal information according to the CCPA. We only process your personal data internally, with our contracted service providers, and perhaps with our customer (the entity stated in this questionnaire) regarding some analytical information.

How do we use your personal information and what is the legal basis?

We use your personal information in order to provide our talent services in accordance with the contractual relationship we have with our customers. In most cases, the processing is justified as follows:

(i) The provision of the RJP site

The purpose of the processing is the successful provision and delivery of the RJP site. You are able to use this site to explore your interests/potential positions. The legal basis for this processing on behalf of our customer is legitimate interest. There is a legitimate interest in helping you explore potential interests or job possibilities and directing you to a role.

(ii) Cookies

When using the service, cookies are stored on your device. These cookies can include:

Cookie Purpose Duration
cookieconsent_status This is used to detect when the  user has opted in or out of tracking and so the cookie notification banner will work. 1 year
Cookie_consent_
user_accepted
This is used to detect when the  user has opted in or out of tracking and so the cookie notification banner will work. 1 year

These cookies are functionally necessary to offer the service – this means they are technically important for making sure our systems work correctly. The legal basis is legitimate interest, as there is a legitimate interest in ensuring the successful delivery of the service.

Cookie Purpose Duration
IDE Used to show more relevant advertisements 1 year
YSC Registers a unique ID to keep statistics of what videos from YouTube the user has seen Session
VISITOR_INFO1_LIVE Estimates users bandwidth 179 Days
yt-remote-device-id Stores the user's video player preferences using embedded YouTube video Persistent
yt-remote-session-app, yt-remote-cast-installed, yt-remote-session-name, yt-remote-cast-available, yt-remote-fast-check-period Stores the user's video player preferences using embedded YouTube video Session

These cookies are necessary to offer certain aspects of the service – namely embedded Youtube videos. This means they are important for making sure some element of the service works correctly, as requested by you. The legal basis is consent. If you do not want this data to be processed, you can avoid it by not consenting to these cookies in the banner or preference centre.

Cookie Purpose Duration
_ga Used to distinguish users. 2 years
_gid Used to distinguish users. 24 hours
_gat Used to throttle request rate. 1 minute
_gac_<property-id> Contains campaign related information for the user. If you have linked your Google Analytics and Google Ads accounts, Google Ads website conversion tags will read this cookie unless you opt-out. 90 days
AMP_TOKEN Contains a token that can be used to retrieve a Client ID from AMP Client ID service. Other possible values indicate opt-out, inflight request or an error retrieving a Client ID from AMP Client ID service. 1 year

These cookies are used for statistical analysis of your behaviour on the site via Google Analytics, and only with your consent. You can prevent the storage of cookies by not consenting on the provided cookie banner, through the settings of your web browser, or by managing your settings so that cookies are deleted once you close your browser. You can also amend your preferences in the provided preference centre. Please note that a complete disabling of cookies may impact on your ability to use this service, especially upon its quality. You can also contact Aon at gdpr.assessment@aon.com about disabling or deleting cookies.

Do we collect information from children?

We do not directly provide services to children, and we do not knowingly collect personal information from children, unless otherwise directed by our customer.

How long do we retain your personal information?

We do not store your personal data for any longer than we need to for our above stated purpose and/or the durations listed above. Beyond this, we only store your personal information pursuant to any applicable legal requirements.

Do we disclose your personal information?

We generally do not share your personal data. However, in some circumstances, we may transfer your personal data as follows:

Within Aon

We may share your personal information with other Aon entities, brands, divisions, and subsidiaries in order to provide the services. We do not rent, sell or otherwise disclose personal information with unaffiliated third parties. We do not share your personal information with third parties except with our customer and in the following circumstances discussed below.

Authorized Service Providers or Customers

We will disclose your information to service providers, including Google for Google Analytics services. We also use some IT service providers that we have retained (as processors) to perform services on our behalf, such as site development and management. We may also provide some information to our customer upon request, specifically some analytical data about general site users. Usually you are not specifically identified in such information.

Legal Requirements and Business Transfers

We may disclose personal information (i) if we are required to do so by law, legal process, statute, rule, regulation, or professional standard, or to respond to a subpoena, search warrant, or other legal request, (ii) in response to law enforcement authority or other government official requests, (iii) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss, or (iv) in connection with an investigation of suspected or actual illegal activity. Disclosure may also be required for company audits or to investigate a complaint or security threat.

Do we transfer your personal information across geographies?

We are a global organization and may transfer certain personal information across borders to our authorized service providers, affiliates, or business partners in other countries working on our behalf in accordance with applicable law. Our affiliates and third parties may be based locally, or they may be overseas - some in countries that have not been determined by the European Commission to have an adequate level of data protection. When we do, we use a variety of legal mechanisms to help ensure your rights and protections travel with your data:

  • we ensure transfers within Aon are covered by agreements based on the EU Commission's standard contractual clauses, or other similar mechanisms under applicable local law, which contractually oblige each member to ensure that personal information receives an adequate and consistent level of protection wherever it resides within;
  • where we transfer your personal information outside of us or to third parties who help provide our products and services, we obtain contractual commitments from them to protect your personal information. This is achieved typically through the conclusion of the EU Commission’s standard contractual clauses, or other similar contractual mechanisms under applicable local law; or
  • where we receive requests for information from law enforcement or regulators, we carefully validate these requests before any personal information are disclosed.

If you would like further information about whether your information will be disclosed to overseas recipients, please contact us as noted above. You also have a right to contact us for more information about the safeguards we have put in place (including a copy of relevant contractual commitments, which may be redacted for reasons of commercial confidentiality) to ensure the adequate protection of your personal information when this is transferred as mentioned above.

Other rights regarding your data

Data protection laws vary among countries, with some providing more protection than others. Subject to certain exemptions, and in some cases, particularly if you reside in a jurisdiction with applicable privacy laws, you have certain rights in relation to your personal information. You can exercise your rights by contacting us. Please note that your request will be shared with our customer, who will have the ultimate responsibility for responding to the request. Subject to legal and other permissible considerations, we will make every reasonable effort to honour your request promptly or inform you if we require further information in order to fulfil your request. We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.

Right to Access

You have right to access personal information, and the categories thereof, which we hold about you.

Right to Rectification

You have a right to request us to correct your personal information where it is inaccurate or out of date.

Right to be Forgotten (Right to Erasure)

You have the right to request under certain circumstances to have your personal information erased. Your information can only be erased if your data is no longer necessary for the purpose for which it was collected, and we have no other legal ground for processing the data.

Right to Restrict Processing

You have the right to restrict the processing of your personal information, but only where:

  • its accuracy is contested, to allow us to verify its accuracy; or
  • the processing is unlawful, but you do not want it erased; or
  • it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
  • you have exercised the right to object, and verification of overriding grounds is pending.

Right to Data Portability

You have the right to data portability, which requires us to provide personal information to you or another controller in a commonly used, machine readable format, but only where the processing of that information is based on (i) consent; or (ii) the performance of a contract to which you are a party.

Right to Object to Processing

You have the right to object the processing of your personal information at any time, but only where that processing has our legitimate interests as its legal basis. If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.

Withdrawal of Consent

Where you have given your consent for a specific processing activity, you have the right to withdraw this consent with future effect. To withdraw your consent, please contact gdpr.assessment@aon.com or the customer directly.

Complaint

You have the right to make a complaint to your Supervisory Authority, or other relevant responsible authority/body, about our processing of your personal data.

International Transfers

As noted above, you can ask to obtain a copy of, or reference to, the safeguards under which your personal information is transferred outside of the European Union.

Discrimination: If consumers exercise certain rights, businesses may not discriminate against them, such as by denying or providing a different level or quality of goods or services or charging or suggesting that a business will charge different prices or rates or impose penalties (unless doing so is reasonably related to the value received from the consumer personal information).

Disclosure of Incentives: If businesses offer any financial incentives for the collection, sale or deletion of their personal information, consumers have the right to be notified of any financial incentives offers and their material terms, as well as the to not be opted into such offers without prior informed opt-in consent and to be able to opt-out of such offers at any time. Businesses may not offer unjust, unreasonable, coercive or usurious financial incentives. We do not offer any incentives at this time.

Contact Us

If you have any further questions or concerns, please contact: Aon Assessment GmbH Grosser Burstah 18-32 20457 Hamburg Germany +49-40-3250 389-900 gdpr.assessment@aon.com

Changes to this Notice

We may update this Notice from time to time. This Notice was last updated November 2020.