Privacy notice

 

  • This Privacy Notice is intended to describe the practices EY follows in relation to the three applications that form the Digital Fast Forward Program (“Platform”), i.e. GEMA, Adobe Analytics and AEM (Adobe Experience Manager) Author (“AEM Author”), with respect to the privacy of all individuals whose personal data is processed and stored in the Platform.

  • “EY” refers to one or more of the member firms of Ernst & Young Global Limited (“EYG”), each of which is a separate legal entity and can act as a data controller in its own right. The entity that is acting as data controller by providing this Platform on which your personal data will be processed and stored is EY Global Services Limited, an EY global entity.

    For GEMA, EY Global Services Limited licenses the Platform from Vuture, 3rd Floor, Crowne House, 56-58 Southwark Street, London SE1 1UN, United Kingdom.

    For Adobe Analytics and AEM Author, EY Global Services Limited licenses the Platform from Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Saggart, Dublin 24, Ireland.

    The personal data you provide in the Platform is shared by EY Global Services Limited with one or more member firms of EYG (see “Who can access your information” section below).

    GEMA is hosted on servers in Frankfurt, Germany.

    Adobe Analytics is hosted on servers in London, United Kingdom.

    AEM Author is hosted on servers in North Virginia, United States.

  • The Platform will transform EY’s online presence by building a new “EY.com” platform including a new CMS (integrated to a few internal EY systems) and a new analytics platform.

    Your personal data processed in the Platform is used as follows:

    • For GEMA in “Contact Us” forms, and other generic forms, for example, or event registration.
    • For Adobe Analytics to analyse and understand overall site traffic information including: visitor information; page views; server response times; bandwidth used; referring web sites; server errors and navigation paths.
    • For AEM Author to authenticate user into the application to provide access.

    EY relies on the following basis to legitimize the processing of your personal data in the Platform:

    • For GEMA: Processing is necessary to track and record reader responses, click-throughs and e-mail opens, track website visits and measure engagement;
    • For Adobe Analytics and AEM Author: Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; and
    • For Adobe Analytics: Processing is necessary for the purposes of the legitimate interests pursued by the data controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. The specific legitimate interest pursued is as follows: analysis and improvement of the “EY.com” platform.

    The provision of your personal data to EY is optional. However, if you do not provide all or part of your personal data, we may be unable to carry out the purposes for processing.

  • GEMA processes these personal data categories:

    • user ID, email address, first name, last name, and password;
    • location details;
    • company/organization details;
    • phone number and address; and
    • role and industry information.

    This data is sourced directly from EY Partners, employees or contractors, GHRDB (for office locations), directly by clients, and external users of the website through webforms.

    Adobe Analytics processes these personal data categories:

    • user ID, email address, first name, last name, and password;
    • IP address; and
    • user location.

    AEM Author processes these personal data categories:

    • user ID, email address, first name, last name, and password.

    For internal EY administrative users of Adobe Analytics and AEM Author, this data is sourced from the Active Directory. For external non-EY users of Adobe Analytics and AEM Author, this data is sourced from and provided directly the individual user.

  • Sensitive personal data reveals your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health or data concerning sex life or sexual orientation.

    EY does not intentionally collect any sensitive personal data from you via the Platform. The Platform’s intention is not to process such information.

  • Your personal data is accessed in GEMA by the following persons/teams:

    • Within EY:
      • Global system administrators (4 individuals in GSS); and
      • E-Marketing Campaign Managers (publisher, campaign workflow approvers, admin, users) within each sub-Area/EY member firm (1600 individuals globally).
    • Within Vuture: a limited number of personnel who provide IT support for the system (less than 10 individuals globally).

    GEMA has a configurable/flexible access model which allows EY to build role based access and control by geographic areas. A user profile is configurable to enable product features and access level controls.

    Role name Read Write Suggested count (all areas) Role definition
    Add Change Delete
    Vuture administrator X X X X 5-10 Full access, cannot be deleted.
    Super administrator X X X X 5-7 per area Full access to all data but not necessarily to all functions (depends on license). Super admin can access back end and do user management.
    Administrator X X X X 2-4 per sub area Compared to publishers, have access to some advanced features.
    Publisher X X X X EMEIA: 1,200 Can create, delete and edit materials.
    Editor X   X     Can edit existing materials.
    Read only X       100-200 Can read existing materials.
    Approver only X         Read only with access to approver functionality.

    Your personal data is accessed in Adobe Analytics by the following persons/teams:

    • System Administrators, Administrators and Administrator + SFTP Access: EY users of the tool located around the world can access Personal Data in the tool relating to visitor activity.
    • Report Managers.
    • Report Users: can access Reports which are generated from the system e.g. Digital marketers (marketing users who have limited access to only reports within the tool).

    Users of Adobe Analytics do not have access to any personal data that could identify an individual in the reports.

    Role Access level Description
    Administrator Read, write, delete & upload data (e.g., classifications).  Manage users, groups and permissions.  Create and manage report suites. Administrators have access to all functionality within Adobe Analytics.
    Business analyst/report user

    View and amend reports.  Create, view and amend dashboards.  Schedule reports.  Access analytics data via Excel Report Builder client.  Extract data via Data Warehouse function.  Distribute reports and dashboards throughout EY.

    Typically consumers of reports, dashboards, insights and analysis data gathered by Adobe Analytics.  Performs analysis on analytics data by applying segments to reports, dimension breakdowns, “what-if” analysis, trend analysis,  real-time monitoring.
    Digital marketer

    As above for "business analyst/report user." Create and manage segments. Analyse performance of internal and external campaigns, site search engine optimisation (SEO) peformance, etc.

    As above for “business analyst/report user.”  Campaign analysis. Segment analysis. SEO performance analysis.
    Senior manager/exec level Consume reports & dashboards. Access analytics data via Excel Report Builder client. Typically only concerned with consuming high-level summary data of over-all site performance.

    In each case these roles are located in the following countries: India, UK, USA, Germany, Netherlands, Poland, Canada, Norway, Sweden, Switzerland, Australia, Singapore, France, Argentina and Hong Kong.

    Your personal data is accessed in AEM Author by the following persons/teams:

    • System administrators > Vendors and Internal EY system administrators.

    No personal data is stored that would enable the users of AEM Author to identify the individual concerned. When the functionality of Super Authors is launched, the Super Authors might be able to see who the authors are that they manage.

    Name pattern Permissions Is a member of
    Viewers Can view any site but cannot edit it  
    Authors

    Can create, edit and delete content

    Cannot modify configuration pages

    Cannot modify themes

    Cannot modify templates

    Cannot publish content without approval

    Can start workflows to request approval

    Viewers
    Publishers

    Can approve content for publication in a workflow

    Can publish content

    Viewers
    Super-authors Can download, modify, upload and publish themes, templates, workflows and configuration pages Authors
    User-administrators

    Can create, edit and remove user accounts

    Can assign users to groups (except to administrators)

    Viewers
    Administrators Full access to all functionality Super-authors

    In each case these roles are located globally, in any location where there is an EY office.

    For all applications, data will be visible to third party vendors as part of the managed services contract for the Platform.

    The access rights detailed above involves transferring personal data in various jurisdictions (including jurisdictions outside the European Union) in which EY operates (EY office locations are listed at www.ey.com/ourlocations). EY will process your personal data in the Platform in accordance with applicable law and professional regulations in your jurisdiction. Transfers of personal data within the EY network are governed by EY’s Binding Corporate Rules (www.ey.com/bcr).

  • The policies and/or procedures for the retention of personal data in GEMA are:

    • Data captured in GEMA flows through to the Customer Relationship Management system which deletes inactive contacts after 18 months.

    The policies and/or procedures for the retention of personal data in Adobe Analytics and AEM Author are:

    • Data deleted as relevant EY Employee leaves the firm. User authentication data is deleted from Adobe when the employee leaves the firm, however, their site visit data is not.
    • Data is deleted by an automated process. The data cannot be manually deleted from Adobe.
    • Data is retained for the duration of the EY contract with Adobe. It is then retained in a separate archive system for 2 years before being deleted. Adobe keeps the data available for 2 years for reporting purposes. 

    Your personal data will be retained in compliance with privacy laws and regulations.

    After the end of the data retention period, your personal data will be deleted.

  • EY is committed to making sure your personal data is secure. To prevent unauthorized access or disclosure, EY has technical and organizational measures to safeguard and secure your personal data. All EY personnel and third parties EY engages to process your personal data are obliged to respect your data’s confidentiality.

  • EY will not transfer your personal data to third parties (other than any external parties referred to in section 6 above) unless we have your permission or are required by law to do so.  

    You are legally entitled to request details of EY’s personal data about you.

    To confirm whether your personal data is processed in the Platform or to access your personal data in the Platform, contact your usual EY representative or email your request to global.data.protection@ey.com.

  • You can confirm your personal data is accurate and current. You can request rectification, erasure, restriction of processing or a readily portable copy of your personal data by contacting your usual EY representative or by sending an e-mail to global.data.protection@ey.com.

  • When landing on this website, you have been given the opportunity to either accept cookies used on this website or to decline. If you have accepted our use of cookies, the following information relates to cookies used on this website only. Please note that any consent to accept cookies or to decline is limited to this website only and not to other EY sites or any pages on ey.com, which may be hyperlinked to this website. For more information on cookies used by those website, outside of www.ey.com, please refer to the specific privacy notice on those websites. If you have questions please contact via global.data.protection@ey.com.   

    By accepting cookies on this website, outlined in more detail below, you have accepted cookies which perform four functions, as classified below:

    • Essential/Strictly Necessary Cookies - Some cookies we use are essential to the functioning of the website.
    • Performance Cookies - Some cookies help us with the performance and design of this website. This allows us to measure whether and how many times a page has been visited.
    • Functionality Cookies - Some cookies help us to remember your settings which you may have selected, or assist with other functionality when you browse and use the website. This helps us to remember what you have selected, so that on your return visit we remember your preferences.
    • Tracking Cookies - we use cookies to track user activity and sessions, which helps us to understand your interests as you browse the content on the website, so we can tailor and deliver to you a more personalised service in the future. In addition, some tracking cookies allows us to understand more information about you.

    If you have accepted cookies on this website you still have the option of setting your browser to notify you when you receive a cookie, so that you may determine whether to accept it or not, alternatively you can set your browser to block all cookies. However, please be aware that if you do turn off 'cookies' in your browser, you will not be able to fully experience some of the features of this website.

    This website deploys the following cookies:

    Cookie provider Name of cookie Purpose of cookie Type of cookie Duration of cookie
    Adobe Analytics AMCV_###@AdobeOrg Identifies the same visitor across different Marketing Cloud Solution. First party 2 years
    Adobe Analytics AMCVS_###@Adobe.Org Cookie used to detect new sessions for getting the visitor ID cookie AMCV_###@AdobeOrg. The value is a 0 or 1. First party 2 years
    Adobe Analytics demdex The demdex cookie contains the demdex ID, which is generated by the DCS. Third party 180 days
    Adobe Analytics s_cc This cookie is set and read by the JavaScript code to determine if cookies are enabled (simply set to "True").  First party Current session
    Adobe Analytics s_sq This cookie is set and read by the JavaScript code when the ClickMap functionality and the Activity Map functionality are enabled; it contains information about the previous link that was clicked on by the user. First party Current session
    Brightcove _bc_uuid Unique identifier of the visitor. Third party 15 years
    Brightcove _ga Used to store the Client ID for tracking purposes. Third party  2 years
    Brightcove _gid Used to distinguish users. Third party  24 hours
    Doubleclick id DoubleClick uses cookies to improve advertising. Some common applications are to target advertising based on what’s relevant to a user, to improve reporting on campaign performance, and to avoid showing ads the user has already seen. First party persistent 2 years
    EY cookiePolicy Used to determine visitor's cookie consents. It can carry on either consent for all cookies or for selected cookie categories. First party

    3 months if consent given for selected cookie categories

    1 year if consent for all

    EY cookiePolicyChecksum Used to check if cookie policy has changed since the user has accepted cookie policy. First party

    3 months if consent given for selected cookie categories

    1 year if consent for all

    EY cookieGroupChecksum Used to check if cookie groups have changed since the user has given consent. First party

    3 months if consent given for selected cookie categories

    1 year if consent for all

    EY cookieToRemove Used to list cookies which should be removed. First party 1 minute
    EY X-XSRF-TOKEN A temporary token obtained on the website that enables the user to submit a contact form and prevents cross-site scripting which is a security vulnerability. First party Current session
    EY eyup_<artice-page-name> A cookie used to remember that upvote was performed by the visitor on the given page. Name of the cookie equals to the name of page upvote was clicked. First party 1 year
    EY BaseCountry Country the existing user belongs to. Geolocalization of the visitor. First party 1 day
    EY Country An EY country website selected by the user. First party 180 days
    EY Locale A language for the selected country. First party 180 days
    EY LocationSelector A flag which indicates if the location selector has been used. First party 180 days
    EY Org Organization the existing user belongs to.  First party 180 days
    EY recentSearches Recent searches of the user. Website uses this information to present user's recent searches in the search box. First party 12 days
    Facebook Facebook pixel This tag can be used for event tracking and remarketing purposes. We can create audiences of people depending on the events they perform and pages they visit, analyse the audiences once they reach a size of +10k, use them for retargeting and also for lookalike audience generation. Third party session 180 days
    Google NID These cookies allow our websites to remember information that changes the way the site behaves or looks, such as your preferred language or the region you are in.  Third party 6 months
    LinkedIn LinkedIn Insight Tag Enable in-depth campaign reporting and discover new business demographics by layering LinkedIn data to website visitors data. With the tag we will also be able to track all campaign metrics including Engagement against LinkedIn data and compare it against visitors that have not seen LinkedIn ads. The tag stores anonymous Business Demographic profile data for the user, not personally identifiable information. Third party session 6 months
    Microsoft Bing Ads NID Helps advertisers determine how many times people who click on their ads end up purchasing their products or services across devices. Third party 1 month
    Vuture intEmailHistoryId Used to identify a unique visitor as they click onto the site from a newsletter to which they have subscribed with articles from the site. The cookie records the pages visited on the site and time spent on the page. Third party persistent 1 year
    Wirewax player wirewax-player-impressions Latest videos played on the page. First party 2 years
    Wirewax player _ga Used to store the Client ID for tracking purposes. Third party 2 years
    Wirewax player mp_#####_mixpanel Identify who user is for tracking purposes. Third party 1 year
    Wirewax player optimizelyEndUserId Stores unique optimizely identifier. It's a combination of a timestamp and random number. No other information about visitor is stored inside. Third party 10 years

    If you have any questions in relation to the cookies we use, please contact us via global.data.protection@ey.com. Visit the cookies settings page to edit your cookie preferences.

  • If you are concerned about an alleged breach of privacy law or any other regulation, contact EY’s Global Privacy Leader, Office of the General Counsel, 6 More London Place, London, SE1 2DA, United Kingdom or via email at global.data.protection@ey.com or via your usual EY representative. An EY Privacy Leader will investigate your complaint and provide information about how it will be handled and resolved.

    If you are not satisfied with how EY resolved your complaint, you have the right to complain to your country’s data protection authority. You can also refer the matter to a court of competent jurisdiction.

  • If you have additional questions or concerns, contact your usual EY representative or email global.data.protection@ey.com.