How EY manages its CRM systems?

The EY entities in Greece are “ERNST AND YOUNG Single Member Societe Anonyme for the Provision of Advisory Services”, “ERNST & YOUNG (HELLAS) CERTIFIED AUDITORS ACCOUNTANTS S.A.” and “Platis-Anastassiadis and Associates Law Partnership”, jointly referred to as “EY Greece” or “we”. The personal data provided to either of these EY member firms is jointly processed by them as joint controllers. The data controller that is assigned responsibilities by the joint controllers for processing your personal data for the purposes as described in this notice is ERNST AND YOUNG Single Member Societe Anonyme for the Provision of Advisory Services, with the contact details as detailed in the last section below.

“EY” refers to one or more of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. The entity that is managing the CRM systems for the EY member firms globally is EY Global Services Limited (a private company limited by shares in England and Wales, registered office, 6 More London Place, London SE1 2DA, United Kingdom, registered number 5483856).

Why does EY need your information?

We process personal data about contacts (former, existing and potential clients and individuals employed by or associated with such clients and other business contacts, such as alumni, consultants, regulators and journalists) in our CRM systems. These CRM systems support the marketing operations of EY. Contacts in our CRM systems will be sent EY Thought Leadership materials, newsletters, marketing materials, learning opportunities, surveys and event invitations.

We process personal data about participants in EY meetings, conferences, events and learning sessions (events). We use various applications to manage event registration processes. These applications will contain their own privacy notices explaining why and how personal data is collected and processed by them. We encourage participants to refer to the privacy notices available in those applications.

Legal grounds for processing data

Our legal grounds for processing personal data of business contacts in our CRM systems are:

  • Consent of the business contact
  • Our legitimate interest in managing the relationship with our business contacts and providing information about EY, our services and events we organize
  • Our legitimate interest to manage business opportunities and pipeline

Our legal grounds for processing personal data of participants in EY meetings, conferences, events and learning sessions are:

  • Consent of the participant
  • Our legitimate interest in organizing events and managing the registration process for such events
  • Our legitimate interest in protecting our people, assets and information, and to prevent unauthorized people gaining access to off-site EY events
  • Our legitimate interest in providing information about EY, our services and events we organize

What type of personal data EY processes?

In our CRM systems, we process the following categories of personal data:

  • Business contact data
  • Marketing preferences
  • Invitation responses and event attendance confirmations
  • Feedback for an EY event
  • Recordings of webinars and visual media (photographs and video recordings) 

Data categories

Type of data

Source of the data

Business contact data

Name, job title, employer, business address, business email address, business phone/fax numbers

We collect this data directly from you – in the course of providing services or otherwise interacting with you, such as for example through your registration or attendance at EY event.
Marketing preferences Your declared interest
in receiving specific marketing information
We collect this data when you complete our opt-in form and subscribe to receive direct marketing from EY.
Invitation responses and event attendance confirmation  Your response to our invitations to events  We collect this data from you or from your designee appointed by you to register you for an EY event.

Feedback information

Your evaluation of
our events, opinions, recommendations and preferences for future
EY events
We collect this data directly from you when you fill in a feedback form following an EY event.
Recordings and visual media (photographs and video recordings) Your voice and/or your image alone or with other people in the context of the EY marketing  event (webinar or in person) We either take photographs and make videos ourselves or engage a third party – a professional service provider who will process the data under our instructions and for our purposes.

EY neither intentionally collects nor processes any sensitive personal data in relation to EY marketing events. You are advised not to share with us any sensitive personal data.

How EY uses your data

EY will process your business contact data to send you direct marketing communications, administer your participation in EY events and for security purposes. Once subscribed, you can always unsubscribe from the emails you receive from us.

Processing your business contact information allows us to communicate with you via electronic mailings, text messages, in hard-copy form or, from time to time if necessary, also via phone.

We will process the information related to your marketing preferences to respond to your subscription request to receive specific direct marketing communication from us.

We will process your data in relation to the feedback that you have provided to us for the purposes of measuring your satisfaction and improving the quality of EY events. If, in the feedback form, you have specifically requested EY to contact you, we will reach out to you to discuss our services and how EY can support your organization.

We might be recording our webinars, for which you will be informed in advance. If you have spoken during the presentation or asked questions through the Q&A section or turned on your video – this data will be recorded and might be made available to other people who requested to view the on-demand recording.

We will publish the photographs and video recordings from EY marketing events on the EY website, social media channels or on other electronic or printed media. If you do not want to be photographed or video recorded, or if you do not want us to publish any picture or other visual media on which you appear, please let us know (at the event registration process or by sending an email to the contact below) before the event. 

Security

EY is committed to making sure your personal data is secure. To prevent unauthorized access or disclosure, EY has technical and organizational measures to safeguard and secure your personal data. All EY personnel and third parties EY engages to process your personal data are obliged to respect your data confidentiality.

Sharing your data with third parties

We regularly partner with another organization (media, government institution, NGO, industry chamber, alliance partner, etc.) in organizing marketing events. For avoidance of doubt, these other parties and we act as separate controllers of personal data when carrying out our marketing campaigns. We do not share marketing databases.

When we administer the registration process for an event that we organize jointly with another organization, we might need to share your registration data with this other party. In any case, when we envisage sharing your personal data with such third parties, we will inform you about that in the invitation for the event.

Additionally, we may need to share your registration data with such third parties that help us organizing the event (for identification or security purposes, for administration, documentation and invoicing) only to the extent they need to process your data for providing these services to us.

Your personal data may be accessible by third parties engaged by EY to facilitate, maintain or support our CRM systems (for example, to provide information technology and other administrative support services to operate the CRM systems).

If any data sharing takes place between the EY Member Firms1, for that transfer we rely on the EY’s comprehensive global privacy compliance program that includes EU­approved Binding Corporate Rules, accessible on www.ey.com/bcr.

Data retention  

Your personal data will be retained in compliance with privacy laws and regulations. Our policy is to retain personal data only for as long as it is needed for the purposes as detailed in this document. If you have opted out of receiving future EY publications, your basic contact details will remain on our opt-out list.

The EY’s CRM systems for the EY Member Firms in the EMEIA Region are hosted in the EY’s global data centers in Germany.

If you want to have your data deleted from our CRM systems or if you wish to object to the processing of your personal data for direct marketing purposes, please email us via dpo@gr.ey.com .

Rectification, erasure, restriction of processing or data portability 

In order to confirm that your personal data is accurate and current or to request rectification, erasure, restriction of processing or a readily portable copy of your personal data, you can contact your usual EY representative or send an email to dpo@gr.ey.com .

Complaints

If you are concerned about an alleged breach of privacy law or any other regulation, send us your complaint at dpo@gr.ey.com . An EY Privacy Officer will investigate your complaint and provide information about how it will be handled.

If you are not satisfied with how EY resolved your complaint, you have the right to complain to the Greek Data Protection Authority.

You can also refer the matter to a court of competent jurisdiction.

How to contact EY Greece

If you have additional questions or concerns, contact us at: Chimarras 8B, Marousi, Attica, Greece, phone number: +30 210 28 86 00, email dpo@gr.ey.com.

Date of last update: 24 June 2021

1EY Member Firms are listed here.