EY access locations will be dependent on EY roll outs of the Tool.
EY Recruiters will only be able to see the data relevant to their locations. CAPP has full access to all data in the Tool.
The access rights detailed above involves transferring personal data in various jurisdictions (including jurisdictions outside the European Union) in which EY operates (EY office locations are listed at https://www.ey.com/en_gl/locations). An overview of EY network entities providing services to external clients is accessible here (via ey.com UK site) (See Section 2 (About EY) - “View a list of EY member firms and affiliates”). EY will process your personal data in the Tool in accordance with applicable law and professional regulations in your jurisdiction. Transfers of personal data within the EY network are governed by EY’s Binding Corporate Rules.
We transfer or disclose the personal data we collect to third-party service providers (and their subsidiaries and affiliates) who are engaged by us to support our internal ancillary processes. For example, we engage service providers to provide, run and support our IT infrastructure (such as identity management, hosting, data analysis, back-up, security and cloud storage services) and for the storage and secure disposal of our hard copy files. It is our policy to only use third-party service providers that are bound to maintain appropriate levels of data protection, security and confidentiality, and that comply with any applicable legal requirements for transferring personal data outside the jurisdiction in which it was originally collected.
To the extent that personal data has been rendered anonymous in such a way that you or your device are no longer reasonably identifiable, such information will be treated as non-personal data and the terms of this Privacy Notice will not apply.
For data collected in the European Economic Area (EEA) or which relates to individuals in the EEA, EY requires an appropriate transfer mechanism as necessary to comply with applicable law. The transfer of personal data to Tata Consultancy Services (TCS) and IBM are governed by contracts that includes standard data protection clauses adopted by the European Commission.
7. Data retention
Our policy is to retain personal data only for as long as it is needed for the purposes described in the section “How does the Tool process personal data?” Retention periods vary in different jurisdictions and are set in accordance with local regulatory and professional retention requirements
The policies and/or procedures for the retention of personal data in the Tool are:
Data retention is in accordance with EY Records Retention Global Policy and the applicable Global, Area, Region or Country Retention Schedule.
EY will define data retention according to local laws. It will apply the Taleo retention policy for this Tool.
Taleo retention policy: They currently have an automated data purge task in Taleo that removes/deletes all candidate files that meet purge criteria. The criteria is: no activity has taken place in the file for 3 years or the file does not include a hire.
Your personal data will be retained in compliance with privacy laws and regulations.
After the end of the data retention period, your personal data will be deleted.
8. Security
EY protects the confidentiality and security of information it obtains in the course of its business. Access to such information is limited, and policies and procedures are in place that are designed to safeguard the information from loss, misuse and improper disclosure. Additional information regarding our approach to data protection and information security is available in our protecting your data 2018 (pdf) brochure.
9. Controlling your personal data
EY will not transfer your personal data to third parties (other than any external parties referred to in section 6 above) unless we have your permission or are required by law to do so.
10. Your rights in relation to your personal data
Depending on the applicable jurisdiction, you may have certain rights in relation to your personal data, including:
- To request details of the personal data EY processes about you and to access the personal data that EY processes about you
- To have your personal data corrected, for example, if it is incomplete or incorrect
- To restrict or object to the processing of personal data or request the erasure of your personal data
- To receive a copy of the personal data which you have provided to EY in a structured, commonly used and machine-readable format which you can re-use for your own purposes (known as “data portability”)
- Where you have provided consent to the processing of your personal data, the right to withdraw your consent.
- The right to complain to a data protection authority (see section “Complaints”)
If you have any questions about how EY processes your personal data or your rights related to your personal data, please send an e-mail to data protection team.
11. Complaints
If you are concerned about an alleged breach of privacy law or any other regulation, contact EY’s Global Privacy Leader, Office of the General Counsel, 6 More London Place, London, SE1 2DA, United Kingdom or via email at data protection team or via your usual EY representative. An EY Privacy Leader will investigate your complaint and provide information about how it will be handled and resolved.
If you are not satisfied with how EY resolved your complaint, you may have the right to complain to your country’s data protection authority. You may also have the right to refer the matter to a court of competent jurisdiction.
Certain EY member firms in countries outside the European Union (EU) and the UK have appointed representatives in the EU and the UK respectively to act on their behalf if, and when, they undertake data processing activities to which the EU General Data Protection Regulation (GDPR) and/or the UK General Data Protection Regulation (UK GDPR) applies. Further information and the contact details of these representatives are available below:
EU data protection representative
UK Data protection representative
12. Contact us
If you have additional questions or concerns, contact your usual EY representative or email data protection team.