Privacy Policy

Aurenda Global Privacy Notice

Updated: 27 November 2023

This Privacy Notice applies to Aurenda, and all of its affiliates and subsidiaries (collectively, “we,” “our,” “us,” or “Aurenda”). A full list of affiliates and subsidiaries is available here.

In this Privacy Notice, we identify the personal data that we collect about you and how we use that data. This Privacy Notice applies to any personal data you provide to Aurenda and any personal data we collect from other sources, unless you are provided a more specific privacy statement at the time of data collection. This Privacy Notice does not apply to any third-party websites, applications or portals (“Sites”) linked to Aurenda’s Sites, or to any Aurenda Sites that have their own privacy notices. If you provide personal data to us about other people, you must provide them with a copy of this Privacy Notice and obtain any consent required for the processing of that person’s data in accordance with this Privacy Notice.

If you have any questions about this Privacy Notice, please contact us using the details set out in the Contact Us section. When using our Sites, you should read this Privacy Notice alongside the Site’s Terms of Use.

The following sections will guide you through our practices for the collection, usage, disclosure and retention of your personal data:

  1. Who we are
  2. How we process your personal data
  3. How we protect your personal data
  4. How we protect your personal data when sending it abroad
  5. Marketing activities
  6. Profiling and automated decision-making
  7. How long we keep your personal data
  8. Your personal data rights
  9. Contact us
  10. Updates to this Privacy Notice

1. Who we are

We are a global company providing a range of professional services including insurance, (re)insurance brokerage, risk and claims management, employee benefits and human resources consulting and administration, financial, pension administration and actuarial services through our various affiliates and subsidiaries.

2. How we process your personal data

2.1 Individuals in scope of this Privacy Notice

This Privacy Notice provides information for those individuals whose personal data we process, including:

2.2 How we collect your personal data

We collect your personal data in a number of ways, which vary based on how you interact with us and as allowed by applicable law. The following summarizes our various collection points:

2.3 Personal data we collect

We collect the following types of personal data depending on the purpose of your interaction with us (e.g., as business contact, customer, claimant, insured) and as allowed by applicable law:

2.4 How we use your personal data

Depending on the purpose of your interaction with us (e.g., as business contact, customer, claimant, insured, pension member), we use your personal data to:

If we intend to use your personal data for any other purpose not described in this Privacy Notice or which is not compatible with the purpose for which your personal data was collected, we will contact you and let you know of that purpose, which may include the need to satisfy our legal and regulatory obligations. Where we require your consent to the processing, we will request it in advance.

2.5 Legal basis for processing personal data

Local law and regulation may require us to have a legal basis to process your personal data. In most cases, our legal basis for processing your personal data will be one of the following:

When we process sensitive personal data, sometimes referred to as special category data, in most cases our legal basis will be one of the following:

2.6 Who we share your personal data with

We share your personal data within Aurenda’s group of companies for the purpose of your interaction with us, such as for the provision of our services, general business operations and controls, marketing, data analytics, systems and algorithm improvements, surveys, benchmarking, and compliance with applicable laws.

We may also share your personal data with the following third parties for the purpose of your interaction with us:

When required by applicable law, we will obtain your explicit consent before sharing your data with any third parties. We will also require third parties (where applicable) to maintain a comparable level of protection of personal data as set out in this Privacy Notice by the use of contractual requirements or other means. On request and where required by law, we will confirm the name of each third party to which your personal data has, or will be, transferred. To the extent permitted by applicable law, we disclaim all liability for the use of your personal data by third parties.

2.7 Children

Our Sites are not intended for children and we do not knowingly collect, use, or disclose information about children.  If you are a minor, please do not provide any personal data even if prompted to do so. If you believe that you have inadvertently provided personal data, please ask your parent(s) or legal guardian(s) to notify us. In the event that we learn that we have inadvertently collected personal data via our Sites from a child, we will delete that information as quickly as possible.

3. How we protect your personal data

We use a range of organizational and technical security measures to protect your personal data, including, but not limited to, the following:

Please note that where we have given you (or you have chosen) a password, you are responsible for keeping the password confidential. Please do not share your password with anyone.

4. How we protect your personal data when sending it internationally

We operate as a global business and may transmit your personal data across borders, including within Aurenda’s group of companies and to certain third parties, including our partners and service providers. This sharing of data allows us to provide you services as set out in our underlying agreement or as otherwise indicated in this Privacy Notice. When required by applicable law, we will obtain your explicit consent before transferring your data.

The laws that apply to the country where the data is transferred may not be equivalent to that in your local country (or in the country in which we provide the services). Transfers of personal data will comply with applicable law and be subject to suitable safeguards to ensure an adequate level of protection, including, where required, the use of standard contractual clauses approved by the local data protection regulator, that require each party to ensure that the personal data receives an adequate and consistent level of protection. Please contact us using the details provided under the Contact Us section if you would like further information regarding our international transfers and the steps we take to protect your personal data when sending it internationally.

5. Marketing activities

From time to time, we may provide you with information about our products or services or those of our partners that we think will be of interest to you. We may send you this information by email, LinkedIn, SMS, text, post or we may contact you by telephone. We may also share your personal data with other Aurenda group companies so that they can provide you with information about their products and services we believe will be of interest to you. We ensure that our marketing activities comply with all applicable legal requirements. In some cases, this may mean that we ask for your consent in advance of sending you marketing materials.

You can opt out of receiving marketing communications from us at any time. Please use the “unsubscribe” link in our marketing emails to opt out of receiving those emails. Alternatively, please contact us using the details provided under the Contact Us section. In such circumstances, we will continue to send you service-related communications where necessary.

6. Profiling and automated decision-making

Insurance market participants benchmark insured, beneficiary and claimant attributes and risk factors, and insured event likelihoods in order to determine insurance limits, insurance premiums and fraud patterns. This means that we compile and analyze data in respect of insureds, beneficiaries and claimants to model such likelihoods. In doing so, we use personal and commercial data in order to create the models and/or match that data against the models (profiling) to determine both the risk and the premium price based on similar exposures and risks. We also use this information to help us advise insurance companies about the typical levels of insurance coverage that our clients may have in place.

We will only make automated decisions about you where:

These automated decisions may have a legal or similar effect on you, namely, your eligibility for or access to products or services.

We may also make automated decisions based on your personal data or browsing history to send you personalized offers, discounts or recommendations, subject to any applicable local laws and regulations. These automated decisions will not have legal or similar effects for you.

Subject to local laws and regulations, you can contact us to request further information about our automated decision-making, object to our use of automated decision-making, or request that an automated decision be reviewed by a human being.

7. How long we keep your personal data

We keep your personal data for as long as reasonably necessary to fulfil the purposes set out in this Privacy Notice based on our business needs and legal requirements.

When we no longer need your personal data, we de-identify or aggregate the data or securely destroy it based on our retention policy. Please note that de-identified or aggregated data is not treated as personal data under this Privacy Notice and may be used for analytics purposes.

We have a detailed retention policy that governs how long we hold different types of information. Please contact us using the details provided under the Contact Us section for further information regarding how long we keep your personal data.

8. Your personal data rights

Based on the country in which you reside, and subject to permitted exemptions, you may have certain rights in relation to your personal data. We are committed to respecting your personal data rights. Please refer to your country-specific addendum for information on the rights that apply to individuals in your country.

You can exercise your rights by contacting us using the details provided in the Contact Us section. We will usually not charge you for processing these requests. There may be cases where we are unable to comply with your request (e.g., via a permitted exemption or where the request would conflict with our obligation to comply with other legal requirements). We will tell you the reason if we cannot comply with your request and we will always respond to any request you make.

9. Contact us

Please contact us if you have any questions about how we collect and process your personal data. You may contact us by writing to GlobalPrivacyOffice@ajg.com. To assist in providing you with an accurate response, please let us know that your question relates to Aurenda and your applicable country.

10. Updates to this Privacy Notice

We may update this Privacy Notice from time to time. When we make updates, we will post the current version on our Sites and will revise the version date located at the bottom of the Privacy Notice. We encourage you to review this Privacy Notice periodically so that you will be aware of our current privacy practices.

Australia Addendum (“Addendum”)
to the Aurenda Privacy Notice

Updated: 27 November 2023

This Addendum supplements Aurenda’s Privacy Notice and applies to personal data collected in Australia.  Aurenda’s Privacy Notice together with this Addendum shall be considered Aurenda’s Privacy Policy pursuant to the Australian Privacy Principles (“APPs”) set out at Schedule 1 of the Privacy Act 1988 (Commonwealth of Australia) (“Privacy Act”).

For clarity, a reference to ‘personal data’ in the Privacy Notice and this Addendum includes a reference to ‘personal information’ as defined in the Privacy Act.

Disclosure of your personal data to third parties overseas

Aurenda Pty Ltd and Aurenda Training Pty Ltd do not disclose your personal data to overseas third parties or affiliated companies.

Government Identifiers

Notwithstanding sections 2.5 and 2.6 of the Privacy Notice, we will only use or disclose an identifier of an individual issued by or on behalf of an agency of the Australian government or a state/territory authority (e.g., Medicare number, Centrelink reference number, driver’s license number, Australian passport number) where:

Your personal data rights

You have certain rights in respect of your personal data under Australian data protection laws, including the Privacy Act and the APPs.

Right to access your personal data

You have a right to ask us for copies of your personal data and certain details of how we use it. We will not charge you to make a request, but may ask you to pay reasonable costs associated with fulfilling the request if your request is excessive, repetitive or burdensome.

Right to rectification

You have a right to ask us to amend or update your personal data if you believe the personal data we hold about you is inaccurate or incomplete.

Right to opt-out of direct marketing

You have a right to ask us to stop sending you direct marketing messages at any time. When you receive electronic marketing communications from us, you may opt out of receiving further marketing communications by following the opt-out instructions provided in the communication.

Right to withdraw consent

We will ask for your consent for certain uses of your personal data. Where we do this, you have the right to withdraw your consent to further use of your personal data.

Right to complain

You have the right to contact our data protection officer if you have any concerns with how we use your personal data or think that your privacy has been affected, and we will do our best to resolve your concerns. To exercise your right to complain, you should first make your complaint in writing to Aurenda’s data protection officer (using the contact details in the Contact Us section below).  Upon receipt of your complaint we will respond within a reasonable time but no later than 30 days.  If you are dissatisfied with our response, you may then bring your complaint to a recognized external dispute resolution scheme of which Aurenda is a member and lastly, you may bring your compliant to the Office of the Australian Information Commissioner (“OAIC”).   More information can be found on the OAIC website.  Exercising your right to complain will not affect any other legal rights or remedies you have.

There may be circumstances where exercising some of your rights described above or not providing us with your personal data will result in us not being able to provide products or services to you (i.e., insurance can no longer be provided or your policy may be cancelled). By exercising your rights (such as your right to withdraw consent), you may also lose the right to bring any claim or receive any benefit, including in relation to any event that occurred prior to the exercise of your rights, if our ability to handle the claim has been prejudiced. Your policy terms and conditions set out what will happen in the event your policy is cancelled.

Contact us

You can contact us if you have any questions about how we collect, store or use your personal data or if you wish to exercise any of your rights with respect to your personal data. To assist in providing you with an accurate response, please let us know the Aurenda business you interact with and your applicable country.

Aurenda legal entity Data Protection Officer Contact details
Aurenda Pty Ltd

 

Address: Level 3, 3 Loftus Street, West Leederville WA 6007
Phone: (08) 6157 9300
Email: aurenda@aurenda.com
Aurenda Training Pty Ltd

 

Address: Level 3, 3 Loftus Street, West Leederville WA 6007
Phone: (08) 6157 9300
Email: aurenda@aurenda.com