
Willis Towers Watson Data Processing Protocol - China

Version 2

This Data Processing Protocol (the "Protocol") explains how the Willis Towers Watson group handles Personal Information on behalf of its clients, customers or licensees (together the "Client").

The Protocol shall form part of any agreement in place between the relevant Willis Towers Watson group entity with which the Client has a contractual relationship ("Willis Towers Watson") and the Client under which the Client sends Personal Information to Willis Towers Watson or entrusts Willis Towers Watson to collect and/or process Personal Information. Where this Protocol uses capitalized terms or other expressions which are used or defined in the Personal Information Protection Law of China ("PIPL"), the definitions or meanings set out in the PIPL shall apply.

The contact information of the relevant Willis Towers Watson group entity can be found in the agreement to which the processing relates ("Agreement"). Any request or feedback, including in relation to any rights which a Client or data subject has under the PIPL, can also be directed to Willis Towers Watson or privacy@wtwco.com.

In sending Personal Information to Willis Towers Watson for it to provide services, a Client confirms that it has complied with the relevant requirements for Willis Towers Watson to handle the Personal Information as per this Protocol and under the PIPL.

Data Processing

With respect to Personal Information processed by Willis Towers Watson on a Client’s behalf (see Annex 1), Willis Towers Watson will comply with the following requirements:

Limitations on Use. Willis Towers Watson will process Personal Information only to the extent needed to deliver the relevant services, as instructed in writing by a Client from time to time, or as otherwise required by law. Willis Towers Watson will process Personal Information strictly in accordance with the requirements of the Client. Where Willis Towers Watson, due to special circumstances, fails to process Personal Information in accordance with the requirements of the Client, Willis Towers Watson will promptly inform the Client of the same.

Confidentiality. Willis Towers Watson will hold Personal Information in confidence and require Willis Towers Watson personnel who process Personal Information to protect all Personal Information in accordance with the requirements of this Protocol.

Information Security Program. Willis Towers Watson will maintain a written information security program that contains appropriate administrative, technical and physical safeguards to protect Personal Information against anticipated threats or hazards to its security, confidentiality or integrity. Such security program will undergo periodic review and shall, at all times, meet the requirements under the PIPL.

Assistance

Willis Towers Watson will, taking into account the nature of the processing and the information available to it:

  • I. provide reasonable assistance to assist a Client in fulfilling its obligation to respond to any requests from individuals exercising their rights under the PIPL. Such assistance might not be provided where allowed by the PIPL, for example, where it might result in the disclosure of information relating to another data subject, or where disclosure might prejudice any investigation; and
  • II. where expressly required under the PIPL, assist a Client in complying with a Client's obligations to make available to a Client all information which a Client reasonably requests to assist it in demonstrating compliance with the obligations laid down in the PIPL.

Willis Towers Watson may charge a reasonable fee for all such assistance described above, save where assistance was required directly as a result of Willis Towers Watson's own acts or omissions, in which case such assistance will be at Willis Towers Watson's expense.

Audit. Willis Towers Watson will allow for audits conducted by a Client or another auditor nominated by a Client on privacy obligations as agreed and/or under the PIPL. Each Client shall provide Willis Towers Watson with thirty (30) days' advance notice of any audit request and both parties shall agree on a mutually acceptable audit time and scope. A Client may not engage in an audit which would compromise confidentiality obligations to any other clients and customers of Willis Towers Watson and, if it wishes to nominate another auditor to undertake the audit, shall ensure that the auditor enters into a confidentiality agreement with Willis Towers Watson in such form as Willis Towers Watson shall reasonably require. Willis Towers Watson may charge for all reasonable fees, costs and expenses incurred as a result of providing such assistance.

Notification. Willis Towers Watson will, without undue delay, notify a Client whenever there has been a confirmed data leak, tampering or loss as contemplated by the PIPL, as well as any other confirmed breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Information processed by it in the context of this Protocol.

Return or Disposal. A Client may instruct Willis Towers Watson to delete or return Personal Information at the end of the period during which it will process such Client Personal Information. However, there may be instances where Willis Towers Watson will continue to hold a copy of the Personal Information in archives to the extent necessary for legitimate business and/or other lawful purposes.

Sub-processing

Each Client understands and hereby consents to Willis Towers Watson using sub-processors to provide the services under the Agreement. Willis Towers Watson and its sub-processors will enter into a written agreement whereby the sub-processor shall provide sufficient guarantees to implement appropriate technical and organizational measures in such a manner that the processing will meet the applicable legal requirements. Willis Towers Watson shall however remain primarily responsible for the performance of its obligations under this Protocol.

Anonymized and Pseudonymized Data

A Client acknowledges that the services include pseudonymization and anonymization for the purpose of aggregate reporting and (trends) research, and agrees that Willis Towers Watson may use pseudonymized and anonymized data for its own business purposes, and Willis Towers Watson will comply with all applicable data protection laws in respect of such processing.

Data Transfers

Each Client confirms that Willis Towers Watson may transfer Personal Information to its affiliates and sub-processors inside and outside of China for the purposes of support and back-up. Willis Towers Watson also uses contractors and service providers under appropriate security requirements to provide Information Technology services to Willis Towers Watson in general.

Annex 1 - Description of processing of Personal Information

1. Subject Matter, Nature and Purpose

All processing activities (including the collection, organization and analysis of Personal Information) as are reasonably required to facilitate or support the provision of the services described under the Agreement.

Where the Client/data subject refuses to allow Willis Towers Watson to process the Personal Information, such refusal can potentially disadvantage or frustrate the provision of the services described under the Agreement. In addition, Willis Towers Watson might process the Personal Information regardless of the Client/data subject’s wishes where the law allows/requires Willis Towers Watson to do so.

2. Duration of processing and retention of Personal Information

Willis Towers Watson will process the Personal Information for as long as it provides services to Client and will hold the Personal Information in archives after that date to the extent necessary for legitimate business and/or other lawful purposes.

3. Categories of individuals

Data subjects may include individuals named in any policy or scheme in respect of which Willis Towers Watson is engaged to provide its services and/or individuals that are beneficiaries of, or have made claims under, or are otherwise involved in, any such policy or scheme. Most commonly the data subjects will include: (1) employees, contractors or other workers of the Client ("Workers") and/or their family members, representatives or others connected with Workers; (2) past, existing or prospective clients of the Client, and/or their employees or other individuals connected with them, and/or their family members, representatives or others connected with them; and/or (3) past, existing or prospective complainants or claimants in connection with any insurance policy, and/or their family members, representatives or others connected with them.

4. Types of Personal Information

The services under the Agreement may involve the processing of the following types of Personal Information:

  • names and contact information, including but not limited to home address and telephone number;
  • demographic information (such as gender, age, date of birth, marital status, nationality, education/work histories, academic/professional qualifications, employment details, hobbies, family composition, and dependents);
  • employee identification numbers;
  • information related to the provision of the services, such as policy information and claims information, including information relating to incidents giving rise to claims and related losses;
  • system user credentials including but not limited to email addresses, user names and passwords; and
  • human resources data, such as job title and role; benefits and compensation information; dependent/beneficiary information; educational, academic and professional qualifications information; emergency contact information; and performance management information.

5. Types of data which might be more sensitive:

The Personal Information processed by Willis Towers Watson may include certain data classified as Sensitive Personal Information, meaning Personal Information of a nature that, if disclosed or used unlawfully, could easily result in harm to the dignity of an individual or harm to his/her personal safety or property security such as: racial or ethnic origin, sex life or sexual orientation, mental and physical health, genetic information, biometrics, details of injuries, medication/treatment received, lifestyle matters such as smoking and drinking habits, religious beliefs, whereabouts, and criminal records, fines and other like judicial records, personal identification documentation and related information such as passport numbers, financial and payment data such as bank account numbers and transaction information, as well as Personal Information of minors under the age of 14.
