EY Client Portal
Privacy Statement EY Client Portal
This Privacy Statement is intended to describe the practices EY follows in relation to the EY Client Portal (Tool) with respect to the privacy of all individuals whose personal data is processed and stored in the Tool.
Who manages the Tool?
EY refers to one or more of the member firms of Ernst & Young Global Limited (EYG), each of which is a separate legal entity and can act as a data controller in its own right. The EY entities that are acting as joint data controllers by providing this Tool on which your personal data will be processed and stored are EY Global Services Limited, an EY Global entity and also the EY member firm which is referred to in the Master Agreement with your organization (the Joint Data Controllers).
The personal data you provide in the Tool is shared by the Joint Data Controllers with one or more member firms of EYG (see Who can access your information section below). The Tool is hosted on servers in the EY Global Data Centre in Secaucus, NJ, USA. The Tools integrated eRoom application is housed in each of the EY Global Data Centers in the USA, Germany and Singapore.
This Privacy statement applies to all integrated applications, customized content, tools and resources accessed through the Tool, unless you are notified that a specific privacy statement applies.
Why do we need your information?
The Tool is a password protected, secure gateway extranet for EY clients and contacts to access a range of services including customized business news, research material, project management tools and EY interpretive guidance, as well as to work online with their EY engagement teams.
Your personal data processed in the Tool is only collected and used for the purpose of delivering services to you as described above. Such services also include advising you about our products, services and other opportunities in which you have expressed interest, maintaining your accounts with us, processing requests by you or other persons authorized by you, and administering our business.
EY relies on the following basis to legitimize the processing of your personal data in the Tool:
Processing is necessary for the purposes of the legitimate interests pursued by one or more of the Joint Data Controllers or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. The specific legitimate interest pursued is the conduct of client engagements.
The provision of your personal data to EY is optional. However, if you do not provide all or part of your personal data, we may be unable to carry out the purposes for processing.
What type of personal data is processed in the Tool?
The Tool processes these personal data categories:
Client User Information:
Name; Email address; Business phone number; Business address; Job title; Site Navigation Language preference; Job Function & Practice Area; Country and time zone.
EY User Information:
Name; Email address; Business phone number; Address; Title; Country and time zone.
The Tool also process the following corporate client information:
Company name; Company address; Country of Incorporation; Industry; Whether the company or its related entities provide independent or public accounting.
To access and use the Tool, you must be a registered user authorized by your organization (either a client or an authorized third party service provider to a client). In the registration process, a representative of your organization provides EY certain information about you to enable us to set up an account for you, including your first and last name, title, email address, postal address, and office telephone number.
Because your use of the Tool is solely for the benefit of the client organization authorizing your use, we provide information about your use of our services to that client. You have the option to terminate your use of the Tool through a written notice. Such request will terminate your ability to use the Tool and the material thereon and may affect your rights under applicable agreements with EY.
A number of integrated applications, customized content, tools and resources accessed through the Tool also use Adobe Analytics (Adobe) in order to provide reporting, visualisations and analysis of data. Your personal data will be processed by Adobe for the following purposes: (i) to capture web metrics about the journey of users within our websites and applications (e.g. pages viewed and links clicked); (ii) to analyse and understand overall site traffic information; (iii) to allow us to make informed decisions about our intranet and extranet web sites; and (iv) to authenticate users and permit them to access these integrated applications. EY Global Services Limited is the data controller for the purposes of this processing and licenses Adobe from Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Saggart, Dublin 24, Ireland, who hosts it in London, United Kingdom.
Adobe processes the following types of personal data in relation to its users: username (relating to system administrators only); hashed email address; user rank; user business unit; user service line; user sub service line; user sub management unit (SMU); user sector; user area; user sub area; user country; user country code; user region/office; FSO, Financial Service Office; GDS, Global Delivery Service; and/or internal vs. external user information. This personal data will be retained for 24 months.
This processing is necessary for the purposes of the legitimate interests pursued by us (except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.) The specific legitimate interest pursued is: reporting on the usage of our applications and website.
Sensitive Personal Data
Sensitive personal data reveals your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health or data concerning sex life or sexual orientation.
EY does not intentionally collect any sensitive personal data from you via the Tool. The Tools intention is not to process such information.
Who can access your information?
You can access your personal data in your user profile directly through the My Profile link. Your personal data is accessed in the Tool by the following persons/teams:
a) Global Administrator Super Users within EY can access and modify all information in the Tool.
b) System Administrators in EYs Global Delivery Service (GDS) centers in India can access all user profile information in the Tool globally in order to set up new users.
c) Administrators have no access to information shared with EY in individual applications accessed via the Tool, e.g. EY Canvas Client Portal or ID Secure File Transfer.
The access rights detailed above involves transferring personal data in various jurisdictions (including jurisdictions outside the European Union) in which EY operates (EY office locations are listed at www.ey.com/ourlocations). EY will process your personal data in the Tool in accordance with applicable law and professional regulations in your jurisdiction. Transfers of personal data within the EY network are governed by EYs Binding Corporate Rules (www.ey.com/bcr).
The policies and/or procedures for the retention of personal data in the Tool are:
The Tool automatically deletes any inactive users every 12 or 24 months, depending on provisioned applications. EY Internal users are automatically removed from the Tool when they leave EY through Active Directory permissions.
Your personal data will be retained in compliance with privacy laws and regulations.
After the end of the data retention period, your personal data will be deleted.
EY is committed to making sure your personal data is secure. To prevent unauthorized access or disclosure, EY has technical and organizational measures to safeguard and secure your personal data. All EY personnel and third parties EY engages to process your personal data are obliged to respect your datas confidentiality.
Controlling your personal data
EY will not transfer your personal data to third parties unless we have your permission or are required by law to do so.
You are legally entitled to request details of EYs personal data about you.
To confirm whether your personal data is processed in the Tool or to access your personal data in the Tool, contact your usual EY representative or email your request to firstname.lastname@example.org.
Rectification, erasure, restriction of processing or data portability
You can confirm your personal data is accurate and current. Upon receipt of sufficient information to confirm your identity, the Tool provides you with access to your personal data so that you can update and correct it. By clicking on the "Change Your Client Portal Profile" link on the Tools homepage, you are able to review and modify your personal profile and site preferences.
You can request rectification, erasure, restriction of processing or a readily portable copy of your personal data by contacting your local EY engagement team leader or by emailing the EY Client Portal Helpdesk at email@example.com. Alternatively, you can contact us via email at: firstname.lastname@example.org.
If you are concerned about an alleged breach of privacy law or any other regulation, contact EYs Global Privacy Officer, Office of the General Counsel, 6 More London Place, London, SE1 2DA, United Kingdom or via email at email@example.com or via your usual EY representative. An EY Privacy Officer will investigate your complaint and provide information about how it will be handled and resolved.
If you are not satisfied with how EY resolved your complaint, you have the right to complain to your countrys data protection authority. You can also refer the matter to a court of competent jurisdiction.
If you have any questions or concerns, contact your local EY engagement team leader or email the EY Client Portal Helpdesk at
. Alternatively, you can contact us via email at: