This Privacy Notice is intended to describe the practices EY follows in relation to the Pymetrics, Inc (“Tool”) with respect to the privacy of all individuals whose personal data is processed and stored in the Tool. This Privacy Notice should be read together with the ey.com Privacy Statement, and in case of any conflict with the ey.com Privacy Statement , the terms of this Privacy Notice will prevail. Please read this Privacy Notice carefully.
For purposes of clarity, this Privacy Notice is solely entered into between you and EY, and is not intended to replace and/or supersede the separate privacy policy, terms and/or conditions entered into between you and Pymetrics, Inc. in connection with your usage of and interaction with the Tool, including without limitation, the privacy policy located at https://www.pymetrics.ai/privacy-policy, which shall remain in full force and effect.
“EY” refers to one or more of the member firms of Ernst & Young Global Limited (“EYG”), each of which is a separate legal entity and can act as a data controller in its own right. The entity that is acting as data controller by providing this Tool on which your personal data will be processed and stored is:
You can find a list of local EY member firms and affiliates on ey.com Privacy Statement
The personal data you provide in the Tool is shared by the above data controller with one or more member firms of EYG (see “Who can access your information” section below).
The Tool is hosted on servers in an Amazon Web Services (“AWS”) data centre (Northeast Region, US).
The Tool assess competencies and aptitude of candidates using a digital psychometric assessment based on game technology.
Your personal data processed in the Tool is used as follows:
For EY Users, gameplay data is used to analyze what are the key characteristics and traits that are common between those employees that make them successful in the role. This data is then used to create a data model to assess candidates against.
Candidates who apply to the same role will take the same assessment and be assessed against the model. Fit for role is determined based on percentile match against model.
Optional Sensitive Personal Data relating to Candidates and EY Users are used to ensure that the models are unbiased against gender/ethnicity.
Candidate data: name, email, requisition ID, and assessment ID are used to associate gameplay with the correct candidate.
EY relies on the following basis to legitimize the processing of your personal data in the Tool:
The provision of your personal data to EY is optional. However, if you do not provide all or part of your personal data, we may be unable to carry out the purposes for processing.
The Tool processes these personal data categories:
EY Personnel:
Other:
This data is sourced from a feed from other EY systems known as GRMS, Yello and SuccessFactors (SF) Recruitment; or directly from yourselves:
Sensitive personal data reveals your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health or data concerning sex life or sexual orientation.
EY does not intentionally collect any sensitive personal data from you via the Tool. The Tool’s intention is not to process such information.
Your personal data is accessed in the Tool by the following persons/teams:
EY:
Other:
Role |
Location |
Purpose for which access is required |
Level of access rights (e.g. read-only, edit, delete) |
---|---|---|---|
EY Recruiters |
Global |
Assess candidates and obtain information on the prioritisation/scoring of candidates and any potential follow ups. |
Read, edit, delete Access rights restricted by country. |
Pymetrics personnel |
USA, Singapore, UK and Australia |
Maintenance and support |
Read-only |
IBM IT Support Team |
Canada, China, Czech Republic, Hungary, India, Malaysia, Mexico, Oceania, Philippines, Poland, the UK, the US, Costa Rica and Australia |
To provide IT support Services including the Digital Talent System Support Services to level 2 and 3 operational and release management. |
The access to this tool will be given based on need and role. For Level 2 and Level 3 support, access will be provided to 40 (approx.) IBM IT support team members. IBM IT Support Team will have read, update and add access. |
Location:
Purpose:
The access rights detailed above involves transferring personal data in various jurisdictions (including jurisdictions outside the European Union) in which EY operates (EY office locations are listed at https://www.ey.com/en_gl/locations. An overview of EY network entities providing services to external clients is accessible here (via ey.com UK site) (See Section 2 (About EY) - “View a list of EY member firms and affiliates”). EY will process your personal data in the Tool in accordance with applicable law and professional regulations in your jurisdiction. Transfers of personal data within the EY network are governed by EY’s Binding Corporate Rules.
We transfer or disclose the personal data we collect to third-party service providers (and their subsidiaries and affiliates) who are engaged by us to support our internal ancillary processes. For example, we engage service providers to provide, run and support our IT infrastructure (such as identity management, hosting, data analysis, back-up, security and cloud storage services) and for the storage and secure disposal of our hard copy files. It is our policy to only use third-party service providers that are bound to maintain appropriate levels of data protection, security and confidentiality, and that comply with any applicable legal requirements for transferring personal data outside the jurisdiction in which it was originally collected.
To the extent that personal data has been rendered anonymous in such a way that you or your device are no longer reasonably identifiable, such information will be treated as non-personal data and the terms of this Privacy Notice will not apply.
For data collected in the European Economic Area (EEA) or which relates to individuals in the EEA, EY requires an appropriate transfer mechanism as necessary to comply with applicable law. The transfer of personal data from the Tool to IBM is governed by an agreement between EY and the IBM that includes standard data protection clauses adopted by the European Commission.
EY protects the confidentiality and security of information it obtains in the course of its business. Access to such information is limited, and policies and procedures are in place that are designed to safeguard the information from loss, misuse and improper disclosure. Additional information regarding our approach to data protection and information security is available in our protecting your data 2018 (pdf) brochure.
EY will not transfer your personal data to third parties (other than any external parties referred to in section 6 above) unless we have your permission or are required by law to do so.
Depending on the applicable jurisdiction, you may have certain rights in relation to your personal data, including:
If you have any questions about how EY processes your personal data or your rights related to your personal data, please send an e-mail to data protection team.
If you are concerned about an alleged breach of privacy law or any other regulation, contact EY’s Global Privacy Leader, Office of the General Counsel, 6 More London Place, London, SE1 2DA,United Kingdom or via email at data protection team or via your usual EY representative. An EY Privacy Leader will investigate your complaint and provide information about how it will be handled and resolved.
If you are not satisfied with how EY resolved your complaint, you may have the right to complain to your country’s data protection authority. You may also have the right to refer the matter to a court of competent jurisdiction.
Certain EY member firms in countries outside the European Union (EU) and the UK have appointed representatives in the EU and the UK respectively to act on their behalf if, and when, they undertake data processing activities to which the EU General Data Protection Regulation (GDPR) and/or the UK General Data Protection Regulation (UK GDPR) applies. Further information and the contact details of these representatives are available below:
EU data protection representative
UK Data protection representative
If you have additional questions or concerns, contact your usual EY representative or email to data protection team.