EY Japan Co., Ltd.
1. Overview: Processing of personal data by EY Japan member firms
EY Japan Co., Ltd. (“EYJKK”) is an EY Japan member firm. EYJKK and EY Japan member firms conduct business as separate business entities. EYJKK and the other EY member firms in Japan provide various services as members of the global organization of member firms of Ernst & Young Global Limited (“EY Global”) in Japan.
EYJKK and EY Japan member firms handle personal data for various purposes. EYJKK and the other EY Japan member firms process personal data in compliance with the requirements of the Act on the Protection of Personal Information of Japan (“APPI”) and other applicable laws and regulations, and take appropriate steps to ensure that personal data is appropriately protected.
Please refer to the below for information regarding our entity name, office location, and names of representatives.
2. Our privacy policies
(2) EY’s Global Privacy Statement
The member firms of EY Global (hereinafter, includes related entities) process personal data for various purposes.
EY Global established the Global Privacy Statement (hereinafter, “EY Global Privacy Statement”) to explain how member firms of the EY Global network process personal data, as well as global standards of handling personal data by the member firms generally and in specific service lines, so that each EY member firm can protect personal data in accordance with applicable laws and regulations. (including the EU General Data Protection Regulation (GDPR)).
EYJKK and the other EY member firms in Japan process personal data consistently with the information provided in the EY Global Privacy Statement and within the scope permitted The Company Act on the Protection of Personal Information of Japan (APPI) and other applicable laws and regulations.
(3) Other specific privacy statements
EYJKK may ask you for your consent to process your personal data in separate privacy statements, with regard to the particular services that it offers (“other specific privacy statements” which include privacy provisions of agreements related to the particular services). EYJKK also complies with these other specific privacy statements.
(4) Collection and processing of data obtained from browsing and using EY websites
The Cookie function can be disabled by changing the user’s browser settings. In addition, installing the Google Analytics Opt-out Browser Add-on will allow the user to change their browser settings and prevent the collection of user data from the use of Google Analytics.
Google Analytics Opt-out Browser Add-on
3. Collection and use of personal data
(1) EYJKK collects and processes personal data in relation to the services that it offers. Personal data includes:
a) information from which an individual can be identified (including name, age, gender, titles, contact information, and address)
b) information that is needed to provide and perform its services, that is given by you, or by other individuals and entities (including access logs of communication, usage and browsing when providing or using businesses, services and facilities, etc.)
(2) Please refer to the EY Global Privacy Statement and other specific privacy statements for more details of the categories of information processed for individual services.
4. Purpose of processing personal data
EYJKK collects and process personal data for the following purposes:
a) To appropriately provide and perform related professional services
b) To respond to inquiries and requests
c) To provide information on our services, seminars and publications etc.
d) To comply with legal and regulatory obligations
e) To conduct internal management such as conflict checks, risk control and quality control
f) To use IT, document management and archiving, and business operation tools and applications, in connection with performing services; for security, and business continuity/disaster recovery purposes
g) To conduct analysis, research and development, recommendations related to services that are provided and improvements of such services
h) To conduct hiring procedures for personnel and personnel management after hiring
(2) For specific purposes related to services offered by EY, please refer to the EY Global Privacy Statement and other specific privacy statements.
5. Restrictions on use and provision
EYJKK will not use personal data for any purpose other than the stated purposes of processing, nor provide them to a third party, unless disclosure is required or requested by law or where there is a legitimate reason as permitted by applicable laws and regulations.
6. Security control measures
EYJKK will take all necessary measures to prevent leaks, loss or damage of data obtained, and to appropriately conduct organizational, personnel-related, physical and technical security controls of such data. EYJKK will securely handle obtained personal data under rigid controls based on the Personal Data Protection Policy. In addition, EYJKK will take all necessary controls to monitor its compliance with relevant laws and regulations, as well as the current status and effectiveness of its security control measures.
Member firms of EY’s Global network will establish a common global policy, formulate relevant regulations, and take all necessary and appropriate security controls. Please refer to the EY Global Privacy Statement and related items of the Binding Corporate Rules (BCR).
7. Support providers
EYJKK, other EY member firms in Japan and EY Global network member firms outsource the processing of personal data to other member firms of the EY Global network or to our external support providers.
EYJKK will conduct the appropriate and necessary supervision for safety controls of personal data based on appropriate agreements regarding outsource vendors.
a) General office support including printing, document production and management, archiving, and translation services;
b) Accounting, finance and billing support;
c) IT functions including system management and security, data storage, business applications, and duplication of systems for business continuity/disaster recovery purposes;
d) Conflict checking, risk management and quality reviews; and
e) Business analysis, research and development, service improvements.
8. Joint use of personal data
EYJKK, other EY member firms in Japan and member firms of the EY Global network (collectively, “Network Member Firms” in 8.) may jointly use and share personal data to the extent needed to carry out our business operations.
(1) Items of personal data to be jointly used
Network Member Firms may jointly use and share personal data to the extent needed for services and purposes including but not limited to:
a) Information about personal attributes (name, address, date of birth, the company you work for, title, telephone number, other contact information, other attribute information related to provided services, etc.)
b) Information necessary for the provision of services (type and content of provided services, materials required to perform services, communication records, service needs, etc.)
c) Information necessary for determination and management of the provision of services (service usage, transaction status, relationships with related parties, etc.)
d) Information necessary for responding to your inquiries and applications (content of inquiries, records of responses, other attributes and related information of services required for responses, etc.)
e) Personal data items listed in each category of the EY Global Privacy Statement
(2) Purposes of joint use and sharing of personal data include the following:
a) To perform related services provided by Network Member Firms
b) To respond to your inquiries and requests
c) To provide information on the services, seminars, and publications of Network Member Firms
d) To enable Network Member Firms to comply with applicable laws and regulations
e) To perform internal management controls including conflict checks, risk management and quality for Network Member Firms
f) To perform operation of services or use supporting services, such as for: IT; document production, management, and archiving; use of business operation tools and applications; security; and systems for business continuity/disaster recovery purposes
g) To conduct analysis, research and development, recommendations in relation to services of Network Member Firms, as well as to improve their provision of services
h) For the purposes described in the EY Global Privacy Statement
(3) Scope of joint use parties
Network Member Firms may share and jointly use personal data.
Firm names and locations can be found at the following link:
(4) Person and entity in charge of managing joint use of personal data
EY Japan Co., Ltd.
The person and entity in charge of managing joint use of personal data is set out at the below link:
9. Transfer of personal data to outside countries
(1) EYJKK may transfer to and store personal data handled outside the country in which you are located.
(2) Protection systems for personal data at EY Global network member firms
In regard to the management of personal data and the processing of such data, member firms of the EY Global network have established various internal policies (including the “EY BCR” outlined below) to be commonly applied for all relevant matters, and maintains compliant protection systems for the purposes of appropriate acquisition and disclosure of the purposes of use regarding personal data, accuracy maintenance, defining of the purpose of use and utilization within the scope of such purpose, security controls, appropriate disclosure of related matters, respect for individual rights, appropriate handling of matters such as in the event of accidents or complaints.
(3) Please refer to the following for further information on EY Global Network Member Firms.
For other information regarding foreign transfer of personal data, please refer to the related areas of the EY Global Privacy Statement and the EY BCR.
10. The EY Binding Corporate Rules (BCR)
The EY global network, in order to comply with the EU General Data Protection Regulation (GDPR) and other applicable laws and regulations and protect personal data, will establish the EY Data Protection Binding Corporate Rules and the member firms of EY’s global network including EY Japan member firms shall comply thereto.
EY Data Protection Binding Corporate Rules, in addition to complying with applicable laws and regulations, stipulate rules for matters such as handling of personal data within the defined purpose of use, conducting appropriate security control measures, requiring appropriate agreements with sub-contractors and contractual obligations for security controls, providing information and respecting individual rights in accordance with the applicable laws and regulations, reporting of accidents, appropriate training of personnel, and monitoring the compliance status and environment of such rules.
11. Disclosure and correction of personal data
In accordance with the Act on Protection of Personal Information of Japan (APPI) and other applicable laws and regulations, EYJKK will disclose The Company request the personal data that we hold about you according to the applicable procedures. In addition, if you inform us that your personal data is inaccurate, we will review and correct, add or delete the data as required in accordance with applicable laws, regulations and procedures.
Requests may be filed by submitting a request form as prescribed by EYJKK and may require a fee.
If you have an inquiry, complaint or a request such as for the disclosure or rectification of your personal data which is processed by us, please contact:
EY Japan Co., Ltd.
Tokyo Midtown Hibiya, Hibiya Mitsui Tower,
1-1-2 Yurakucho, Chiyoda-ku, Tokyo 100-0006.