This Privacy Notice is intended to describe the practices EY follows in relation to the EY CRSP (“Tool”) with respect to the privacy of all individuals whose personal data is processed and stored in Tool.
“EY” refers to one or more of the member firms of Ernst & Young Global Limited (“EYG”), each of which is a separate legal entity and can act as a data controller in its own right. The entity that is acting as data controller by providing Tool on which your personal data will be processed and stored is EYGM Limited an EY global entity.
The personal data you provide in Tool is shared by with one or more member firms of EYG (see “Who can access your information” section below).
Tool is hosted on EY managed Azure servers in UK.
Your personal data processed in Tool is used as follows:
· The user account data in the system will be used to authorize the user that is attempting to sign into Tool.
EY relies on the following basis to legitimise the processing of your personal data in Tool:
Processing is necessary for the purposes of the legitimate interests pursued by the data controller, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. The specific legitimate interest(s) pursued is to conduct client engagements. You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you based on the above legitimate interest(s). We process your personal data based on your consent. The provision of your personal data to EY is optional. However, if you do not provide all or part of your personal data, we may be unable to carry out the purposes for processing. You have the right to withdraw your consent at any time.
Tool processes these personal data categories:
· FIRST NAME
· LAST NAME
This data is sourced either from MY EY or provided by end user.
Sensitive personal data reveals your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health or data concerning sex life or sexual orientation.
EY does not intentionally collect any sensitive personal data from you via Tool. There is no intention to process such information.
Your personal data is accessed in Tool by the following persons/teams:
· A limited set of EY employees in admin roles would have access to the user data for the purposes of creating user accounts or providing support for existing user accounts
EY will process your personal data in Tool in accordance with applicable law and professional regulations in your jurisdiction. Transfers of personal data within the EY network are governed by EY’s Binding Corporate Rules (www.ey.com/bcr).
In relation to the retention of personal data in Tool. Our policy is to retain personal data only for as long as it is needed for the purposes described in the section “Why do we need your Information”. Your personal data will be retained in compliance with privacy laws and regulations.
After the end of the data retention period or when the purpose for processing (see question 3 above) is complete, your personal data will be deleted.
EY is committed to making sure your personal data is secure. To prevent unauthorized access or disclosure, EY has technical and organizational measures to safeguard and secure your personal data. All EY personnel and third parties EY engages to process your personal data are obliged to respect your data’s confidentiality.
You are legally entitled to request details of EY’s personal data about you.
To confirm whether your personal data is processed in Tool or to access your personal data in the Tool, contact your usual EY representative or email your request to global.data.protection@ey.com.
You can confirm your personal data is accurate and current. You can request rectification, erasure, restriction of processing or a readily portable copy of your personal data by contacting your usual EY representative or by sending an e-mail to global.data.protection@ey.com
If you are concerned about an alleged breach of privacy law or any other regulation, contact EY’s Global Privacy Officer, Office of the General Counsel, 6 More London Place, London, SE1 2DA, United Kingdom or via email at global.data.protection@ey.com or via your usual EY representative. An EY Privacy Officer will investigate your complaint and provide information about how it will be handled and resolved.
If you are not satisfied with how EY resolved your complaint, you have the right to complain to your country’s data protection authority. You can also refer the matter to a court of competent jurisdiction.
If you have additional questions or concerns, contact your usual EY representative or email global.data.protection@ey.com.