PRIVACY NOTICE

This Privacy Notice describes how Aon Hewitt (Ireland) Limited and Aon Hewitt Limited IRL Investment Branch (“Aon”) (and, where appointed, the Scheme Actuary) (together “we”, “our”, “us”), will use your personal information when providing pensions advisory, investment advisory and calculation services (“Services”) to our clients (such as your employer or your pension scheme trustees).

We will be responsible for the personal information we use to provide these Services, including where information is retained beyond the duration of our agreements with clients. We are committed to being responsible custodians of your personal information and acting in accordance with our legal obligations and your rights under data protection law.

This Privacy Notice describes:

1. The types of personal information we collect
2. How we use the personal information
3. The grounds for using this personal information
4. Who we may disclose personal information to and why
5. Overseas transfers of personal information
6. Information Security
7. Retention of personal information
8. Your choices and rights
9. How to contact us
10. Status of this Privacy Notice

1. The types of personal information we collect

We collect personal information about you in connection with your pension entitlements and to give advice to either the trustees and/or your employer and/or the sponsor of your scheme.

We also collect personal information about your spouse, partner or other immediate family member where you have named such individuals as beneficiaries to your pension. Where this additional information is provided to us, we will handle it in accordance with this Privacy Notice. However, as we will not be collecting the information from the beneficiary directly, you are responsible for informing your beneficiaries that we may process their information for these purposes, and providing them with a copy of this Privacy Notice.

The types of personal information we may collect include:

• Basic personal data: including name, address, postcode, contact details;
• Unique identifiers: such as Personal Public Service Number or pension scheme reference no.;
• Demographic information: date of birth, age, gender, marital status;
• Employment information: role, employment status (such as full/part time, contract), business unit, and employment history;
• Financial information: salary, tax details, third party deductions, bonus payments, benefits and entitlement
  data, pay related social insurance contribution details;
• Benefits information: benefit elections, pension entitlement information, date of retirement and any relevant matters impacting your benefits such as voluntary contributions and pension adjustment orders;
• Special categories such as medical information: in some cases it will be necessary for us to collect and process personal information relating to ill-health early retirement and ill-health reviews to determine the benefits paid to you. This kind of personal information is not routinely collected and processed by us, and will only be done where it is necessary to do so in the circumstances.

We collect this information from sources including our clients and their service providers (such as payroll processors), third parties such as risk benefit insurers, your Independent Financial Adviser and/or your Additional Voluntary Contributions provider (as applicable), and from pension scheme members directly, including where members provide us with information about nominated beneficiaries.

2. How we use the personal information

We may use the personal information we collect for the following purposes:

• Plan Management: to help our clients run their pensions arrangements, make disclosures to third parties where legally required to do so or as otherwise requested by you; and for other checks or administrative activities that may become necessary from time to time (like member tracing to ensure the data we use is complete);
• Funding: to place values on members’ pension benefits entitlements as required by law;
• Liability Management: to undertake activities to help our clients manage their pension liabilities, such as bulk annuity quotations, scheme mergers, and member option exercises, as well as obtaining appropriate insurance coverage as may be required;
• Scheme Actuary Duties: to provide the valuations and calculations required of a Scheme Actuary by law;
• Regulatory Compliance: for meeting on-going regulatory, legal and compliance obligations including assisting with investigations or prevention of crime, providing you with updated versions of this Privacy Notice (where required);
• Process and service improvement: to maintain and improve processes used in running the scheme (for example, automated benefit calculation routines), products or services and uses of technology, including testing and upgrading of systems;
• Anonymisation: we will anonymise personal information (such that it can no longer be re-identified) in order that it can be used with other data for data analysis, modelling, benchmarking and research purposes. We may share aggregated and anonymised data with third parties provided that we shall not publish externally or otherwise disclose any information which might reasonably identify you;
• Benchmarking, Modelling & Analysis: personal information will (in some instances in identifiable form, in others anonymous form) be processed for data analysis, modelling, benchmarking, and research purposes in order to improve understanding of life expectancy and other demographic aspects relevant for assessing pensions and insured liabilities. We may share limited identifiable data with third party agencies such as existence tracing providers to support these purposes. We will not otherwise publish externally or otherwise disclose any information which might reasonably identify you.

3. Grounds for using the personal information we collect

We rely on the following legal grounds to process your information:

• Necessary to pursue our legitimate interests as set out in 2(a)-(h) above e.g. to operate our business, provide the
  Services and improve our products and services generally. Where we rely on this legal basis to collect and use your personal information we will take appropriate steps to ensure the processing does not infringe the rights and freedoms conferred on you under applicable data privacy law;
• Pursuant to legal or regulatory obligations, including requirements to make any disclosures to authorities, regulators or government bodies (including the Revenue Commissioners);
• Necessary for performance of a contract: we will collect and use your personal information where necessary to enable us to take steps to fulfil our obligations in accordance with the terms of your pension scheme agreement; and
• In limited circumstances, processed with your consent, for example where we require you to provide sensitive information such as medical details that impact the provision of risk benefits and/or your retirement which cannot be processed without your consent.
• In limited circumstances, necessary for statistical purposes, as set out in 2(g)-(h) above e.g. to improve understanding of life expectancy and other demographic aspects relevant for assessing pensions and insured liabilities. Where we rely on this legal basis we will take appropriate steps to ensure that any output of our statistical analyses will not include personal information which might reasonably identify you.

4. Who we disclose personal information to

We generally share your personal information with the following categories of recipients:

• Our clients (such as your employer and/or your pension scheme trustees), and their service providers such as payroll providers;
• Third parties you have authorised us to share information with such as your financial advisor or nominated beneficiaries;
• Third party agencies, such as data tracing providers and other professional advisory agencies, where necessary to prevent and detect fraud in the pensions and insurance industry, or to assess and manage risk in relation to the Services;
• Insurance and reinsurance companies, such as when we carry out the activities referred to for Liability
  Management purposes above;
• Legal advisers, loss adjusters, and claims investigators, where necessary to investigate, exercise or defend legal claims, insurance claims or other claims of a similar nature;
• Law enforcement bodies, where necessary to facilitate the prevention or detection of crime or the apprehension or prosecution of offenders;
• Public authorities, regulators and government bodies, where necessary for Aon to comply with its legal and regulatory obligations, such as responding to questions from the Financial Services and Pensions Ombudsman about any complaints they may have received, or providing information to the Revenue Commissioners;
• Our third party suppliers, where we outsource our processing operations to suppliers that process personal information on our behalf. These processing operations shall remain under our control and will be carried out in accordance with our security standards and strict instructions; and
• Successors of the business, where Aon is sold to, acquired by or merged with another organisation, in whole or in part. Where personal information is shared in these circumstances it will continue to be used in accordance with this Privacy Notice.

5. Overseas transfers of personal information

Due to Aon’s global presence, we may transfer, process and store your information outside the European Economic Area. As such, your personal information may be transferred to a country which has less protective data protection legislation in place than in the European Union.

Where this is the case we will ensure the appropriate security measures and controls are in place to protect your personal information, as well as your rights in relation to that personal information. As such the transfers and disclosures will be made in accordance with applicable data protection laws and regulations, for example by a data transfer agreement in the appropriate standard form approved for this purpose by the European Commission or (where applicable) the relevant authority in Ireland.

6. Information Security

We want you to feel confident that we are committed to keeping information secure. We have implemented appropriate technical and organisational security measures to protect the personal information we collect against unauthorised or unlawful processing and against accidental loss, damage or destruction.

7. Retention of personal information

Aon retains appropriate records of your personal information to operate its business and comply with its legal and regulatory obligations. These records are retained for predefined retention periods that may extend beyond the period for which we provide the Services. In most cases we shall retain personal information for no more than twenty years beyond the period for which we provide the Services unless regulatory or legal obligations imposed on us require specific personal information to be retained for longer. We have implemented appropriate measures to ensure your personal information is securely destroyed in a timely and consistent manner when no longer required.

8. Your rights and choices

Under data protection law you have certain rights regarding information that we collect about you. You can ask to:

• see what personal information we hold about you;
• have corrected any personal information we may have about you;
• erase your personal information;
• restrict, or in some cases object to our use of your personal information;
• transfer your information to you or a third party (in some circumstances); and
• withdraw your consent to the use of your information, to the extent such use is based on your consent.

In order to exercise any of the above rights, you can do so by using the information provided in the “ How to contact us” section below. It is important to note, however, that some of the rights described above can only be exercised in certain circumstances. If we are unable to fulfil a request from you to exercise one of your rights under applicable data privacy law we will write to you to explain the reason for refusal.

You can also lodge a complaint about the processing of your personal information with the Office of the Data Commissioners, Canal House, Station Road, Portarlington, Co. Laois, R32 AP23, Ireland.

9. How to contact us

If you have any questions or wish to exercise any of the above rights you should contact us, including reference to the scheme name, as follows:

Data Protection Officer, Aon Hewitt (Ireland) Limited/Aon Hewitt Limited IRL Investment Branch, Block D, Iveagh Court, Harcourt Road, Dublin 2.

10. Status of this Privacy Notice

This privacy notice was updated in May 2018. It is non-contractual and we reserve the right to amend it from time to time.