privacy statement
- Introduction
This Privacy Notice is intended to describe the practices EY follows in relation to the EY Content Manager for Oceania (“Tool”) with respect to the privacy of all individuals whose personal data is processed and stored in the Tool. This Privacy Notice should be read together with the ey.com Privacy Statement, and in case of any conflict with the ey.com Privacy Statement, the terms of this Privacy Notice will prevail.Please read this Privacy Notice carefully.
- Who manages the Tool?
By entering your personal information on this Tool, you will be providing your personal information to Ernst & Young (ABN 75 288 172 749), Level 34, 200 George Street NSW 2000 Australia (“EY”):
The personal information in the Tool is shared by EY with one or more member firms of EYG (see “Who can access your personal information” section 6 below).
The Tool is hosted externally by the vendor on cloud hosting by AWS in Sydney, Australia.
- How does the Tool process personal data?
All EY employees in Australia and New Zealand will register to have access to Position Promo Online Webstore to purchase EY branded promotional merchandise.
Your personal data processed in the Tool is used as follows:
- Registering, authentication, accessing and placing promotional merchandise order through the Position Promo Online Webstore and that expenditures are properly approved and tracked.
- Third parties for courier services.
EY relies on the following basis to legitimize the processing of your personal data in the Tool:
- Processing of your personal data is necessary for the purposes of the legitimate interests pursued by the data controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. The specific legitimate interest is:
- EY branded merchandise can be used for internal / external branding purposes; and
- EY office workplace management.
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you based on the above legitimate interest.
- What type of personal data is processed in the Tool?
The Tool processes these personal data categories:
- Name
- EY email address
- Residential mailing address
- Phone number.
This data is sourced from: Provided directly by EY employees and contractors.
- Sensitive personal data
Sensitive personal data reveals your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health or data concerning sex life or sexual orientation.
The Tool does not collect or process sensitive personal data.
- Who can access your personal data?
Your personal data is accessed in the Tool by the following persons/teams:
| User Group | Location | Access | Amount |
|---|---|---|---|
| Group name | Identify country | Identify whether access is read, update, add | Provide the approx. number of users with access |
| EY employees | Australia and New Zealand | Read and access only | 7000 (Approx) |
| Vendor Personnel | Australia | Read Only | 4 |
| EY system Administrator | Australia | Read Only | 2 |
EY will process your personal data in the Tool in accordance with applicable law and professional regulations in your jurisdiction. Transfers of personal data within the EY network are governed by EY’s Binding Corporate Rules.
We transfer or disclose the personal data we collect to third-party service providers (and their subsidiaries and affiliates) who are engaged by us to support our internal ancillary processes. For example, we engage service providers to provide, run and support our IT infrastructure (such as identity management, hosting, data analysis, back-up, security and cloud storage services) and for the storage and secure disposal of our hard copy files. It is our policy to only use third-party service providers that are bound to maintain appropriate levels of data protection, security and confidentiality, and that comply with any applicable legal requirements for transferring personal data outside the jurisdiction in which it was originally collected.
To the extent that personal data has been rendered anonymous in such a way that you or your device are no longer reasonably identifiable, such information will be treated as non-personal data and the terms of this Privacy Notice will not apply.
For data collected in the European Economic Area (EEA) or which relates to individuals in the EEA, EY requires an appropriate transfer mechanism as necessary to comply with applicable law.
- Data retention
Our policy is to retain personal data only for as long as it is needed for the purposes described in the section “Why do we need your personal data”. Retention periods vary in different jurisdictions and are set in accordance with local regulatory and professional retention requirements.
In order to meet our professional and legal requirements, to establish, exercise or defend our legal rights and for archiving and historical purposes, we need to retain information for significant periods of time.
The policies and/or procedures for the retention of personal data in the Tool are:
The total retention period is 3 years.
Log Data will be retained in accordance with the EY IT Logging Policy.
After the end of the data retention period, your personal data will be deleted.
- Security
EY protects the confidentiality and security of information it obtains in the course of its business. Access to such information is limited, and policies and procedures are in place that are designed to safeguard the information from loss, misuse and improper disclosure. Additional information regarding our approach to data protection and information security is available in our ey-protecting-your-data-brochure-v2.pdf brochure.
- Controlling your personal data
EY will not transfer your personal data to third parties (other than any external parties referred to in section 6 above) unless we have your permission or are required by law to do so.
You are legally entitled to request details of EY’s personal data about you.
- Your rights in relation to your personal data
You may have certain rights in relation to your personal information, including:
- To request details of the personal information EY processes about you.
- To confirm your personal information is accurate and current.
- To have your personal information corrected, for example, if it is incomplete or incorrect.
- To restrict or object to the processing of personal information or request the erasure of your personal information.
- Where you have provided consent to the processing of your personal information, the right to withdraw your consent.
If you have any questions about how EY processes your personal data or your rights related to your personal data, please send an e-mail to [email protected].
- Complaints
If you are concerned about an alleged breach of privacy law or any other regulation, contact EY’s Data Protection Team via email at [email protected] or via your usual EY representative. An EY Privacy Off will investigate your complaint and provide information about how it will be handled and resolved.
If you are not satisfied with how EY resolved your complaint, you may have the right to complain to the Australia privacy regulator. You may also have the right to refer the matter to a court competent jurisdiction.
- Changes to this Privacy Notice
We may change this Privacy Notice from time to time. If we make significant changes in the way we treat your personal information, or to this Privacy Notice, we will inform you through email. Your continued use of the Tool after such notice constitutes your consent to the changes. We encourage you to periodically review the Privacy Notice for the latest information on our privacy practices.
- Contact us
If you have additional questions or concerns, contact your usual EY representative or email [email protected].
By clicking on the “I ACCEPT/ACKNOWLEDGE” button you are confirming you have reviewed the Privacy Notice and consent to the collection, use, disclosure and handling of your personal information for the purposes of, and in accordance with, the activities and terms, set out in this Privacy Notice
