10 minute read 15 Nov 2019
An astronaut on a city sidewalk holding a balloon

Stay connected with EY

10 minute read 15 Nov 2019
Related topics Customer

Show resources

EY Privacy Notice

Would you like to stay in contact with EY?
Please, click  HERE to make your choice.

1. Introduction

This Privacy Notice is intended to describe the practices EY follows in relation to its Customer Relationship Management systems (CRM systems) with respect to the privacy of all individuals whose personal data is processed and stored in the CRM systems for direct marketing purposes.

2. Who manages EYs CRM systems?

“EY” refers to one or more of the member firms of Ernst & Young Global Limited (“EYG”), each of which is a separate legal entity. The entity that is managing the CRM systems for the EY member firms globally is EY Global Services Limited (a private company limited by shares in England and Wales, registered office, 6 More London Place, London SE1 2DA, United Kingdom, registered number 5483856).

The personal data stored in our CRM systems is available to all EY member firms (see “Who can access your information” section below). Each EY member firm is the controller for its own contact data stored in the CRM systems.

3. Why do we need your information?

The CRM systems are EYs client/contact relationship management tools that support the marketing operations of EY member firms. Clients and contacts in the CRM systems may be sent EY thought leadership, marketing materials, learning opportunities, surveys and invitations to events.

Personal data processed in the CRM systems is used for the purposes of sales and marketing. Processing your contact information allows us to communicate with you via electronic mailings, text messages, in hard copy form or from time to time if necessary also via phone.

EY relies on the following basis to legitimize the processing of personal data in its CRM systems:

  • Member firms have obtained individual’s consent for the processing of personal data in the CRM systems; or
  • Member firms have a legitimate interest to process personal data in the CRM systems, which legitimate interest is the processing of personal data for direct marketing purposes.

4. What type of personal data is processed in the CRM systems?

The CRM systems process personal data of former, current and prospective clients (including individuals within a corporate client) of EY member firms. The CRM systems also contain data of other business contacts (such as consultants, regulators, journalists) as well as alumni.

The following data categories are processed in the CRM systems:

Name, job title, address, email address, phone numbers, fax number

Marketing preferences

Invitation responses and event attendance confirmations

5. Sensitive Personal Data

Sensitive personal data reveals your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health or data concerning sex life or sexual orientation.

EY does not intentionally collect any sensitive personal data from you to store in its CRM systems. The CRM systems’ intention is not to process such dataunless you explicitly provide sensitive personal data to us (for example dietary requirements if you attend one of our events).

6. Who can access your information?

Access to your personal data is limited by need. All marketing personnel within the EY member firms worldwide have access to your contact information.

We will only disclose your personal data to third parties:

  • If such third party is engaged by EY to facilitate, maintain or support its CRM systems (for example, to provide information technology and other administrative support services to operate the CRM systems);
  • When explicitly requested by you;
  • As required by a court order or any other legal or regulatory requirement.

7. International transfer of data

EYs CRM systems are hosted in EYs global data centres in Germany, the United States and Singapore and are accessible globally by all EY member firms.

EY has a comprehensive global privacy compliance program that includes EU-approved Binding Corporate Rules as well as certification to the EU-US Privacy Shield and the Swiss-US Privacy Shield Frameworks administered by the U.S. Department of Commerce. Please see EY’s Binding Corporate Rules page for more information on our Binding Corporate Rules, and EY’s Privacy Shield Notice for more information on how EY complies with the Privacy Shield program. EY will only disclose your personal data to third parties that provide an adequate level of privacy protection.

8. Data retention

Data of contacts who have been out of active use for 18 months will be deleted from our CRM systems. If you want to have your data deleted from our CRM systems or if you wish to object to the processing of your personal data for direct marketing purposes, please email us via global.data.protection@ey.com.

9. Security

EY is committed to making sure your personal data is secure. To prevent unauthorized access or disclosure, EY has technical and organizational measures to safeguard and secure your personal data. All EY personnel and third parties EY engages to process your personal data are obliged to respect your data’s confidentiality.

10. Controlling your personal data

EY will not transfer your personal data to third parties (other than any external parties referred to in section 6 above) unless we have your permission or are required by law to do so.

You are legally entitled to request details of EY’s personal data about you.

To confirm whether your personal data is processed in our CRM systems or to access your personal data in the CRM systems, contact your usual EY representative or email your request to global.data.protection@ey.com.

11. Rectification, erasure, restriction of processing or data portability

In order to confirm that your personal data is accurate and current or to request rectification, erasure, restriction of processing or a readily portable copy of your personal data, you can contact your usual EY representative or by sending an e-mail to global.data.protection@ey.com.

12. Complaints

If you are concerned about an alleged breach of privacy law or any other regulation, contact EY’s Global Privacy Officer, Office of the General Counsel, 6 More London Place, London, SE1 2DA, United Kingdom or via email at global.data.protection@ey.com or via your usual EY representative. An EY Privacy Officer will investigate your complaint and provide information about how it will be handled.

If you are not satisfied with how EY resolved your complaint, you have the right to complain to your country’s data protection authority. You can also refer the matter to a court of competent jurisdiction.

13. Contact us

If you have additional questions or concerns, contact your usual EY representative or email global.data.protection@ey.com.



If you would like to receive exclusive information about topics that might be of interest to you, such as invitations to EY seminars, workshops and other events as well as newsletters, surveys or other communications related to the various services offered by EY, please click HERE.

About this article

Related topics Customer