EY Social Insurance and Labor Advisors Corporation
Processing of personal data by EY Japan member firms
EYSH and the other EY member firms in Japan process personal data for a variety of purposes. We process personal data in compliance with the requirements of the Act on the Protection of Personal Information of Japan (“APPI”) and other applicable laws and regulations, and take appropriate steps so that personal data is appropriately protected.
2. Our privacy policies
(2) EY’s Global Privacy Statement
The member firms of EY Global process personal information for various purposes.
EY Global provides a Global Privacy Statement to explain how member firms of the EY Global network process personal information, as well as global standards of handling personal data by the member firms generally and in specific service lines, so that each EY member firm can protect personal data in accordance with applicable laws and regulations.
EYSH and the other EY member firms in Japan process personal data consistently with the information provided in the EY Global Privacy Statement and within the scope permitted under the Act on the Protection of Personal Information of Japan (APPI) and other applicable laws and regulations.
(3) Other specific privacy statements
Each EY member firm in Japan may ask you for your consent to process your personal data in separate privacy statements, with regard to the particular services that it offers (“other specific privacy statements” which include privacy provisions of agreements related to the particular services). EY member firms in Japan also comply with these other specific privacy statements.
(4) Browsing and using EY websites
3. Collecting and using personal data
(1) Each member firm of EY Japan collects and processes personal data in relation to the services that it offers. Personal data includes:
a) information from which an individual can be identified (including name, age, gender, titles, contact information, and address)
b) information that is needed to provide and perform its services, that is given by you, or by other individuals and entities.
(2) Please refer to the EY Global Privacy Statement and other specific privacy statements for more details of the categories of information processed for individual services.
4. Purposes of processing personal data
EYSH collects and process personal data for the following purposes:
a) To appropriately provide and perform related professional services
b) To respond to inquiries and requests
c) To provide information on our services, seminars and publications etc.
d) To comply with legal and regulatory obligations
e) To use IT, document management and archiving, and business operation tools and applications, in connection with performing services; for security, and business continuity/disaster recovery purposes
f) To conduct analysis, research and development, recommendations related to services that are provided and improvements of such services
(2) For specific purposes related to services offered by EY, please refer to the EY Global Privacy Statement and other specific privacy statements.
5. Use and transfer of personal data
EYSH will not use personal data for any purpose other than the stated purposes of processing, nor provide them to a third party, unless disclosure is required or requested by law or where there is a legitimate reason as permitted by applicable laws and regulations.
EYSH protects the confidentiality and security of personal data that are processed in the course of its business. We will treat personal data safely under strict management based on applicable laws and our related policies for security protection and management of personal data.
7. Support providers
EYSH, other EY member firms in Japan and EY Global network member firms outsource the processing of personal data to other member firms of the EY Global network or to our external support providers. For example, we engage our support providers in the following areas including but not limited to:
a) General office support including printing, document production and management, archiving, and translation services;
b) Accounting, finance and billing support;
c) IT functions including system management and security, data storage, business applications, and duplication of systems for business continuity/disaster recovery purposes;
d) Conflict checking, risk management and quality reviews; and
e) Business analysis, research and development, service improvements.
When EYSH outsources processing of personal information to our external support providers, EYSH will appropriately contract with them and conduct necessary and appropriate supervision in order to maintain safe management of the processing of personal data.
8. Joint use of personal data
EYSH, other EY member firms in Japan and member firms of the EY Global network (collectively, “Network Member Firms”) may jointly use and share personal data to the extent needed to carry out our business operations.
(1) Items of personal data to be jointly used
Network Member Firms may jointly use and share personal data to the extent needed for services and purposes including but not limited to:
a) Information about personal attributes (name, address, date of birth, the company you work for, title, telephone number, other contact information, other attribute information related to provided services, etc.)
b) Information necessary for the provision of services (type and content of provided services, materials required to perform services, communication records, service needs, etc.)
c) Information necessary for determination and management of the provision of services (service usage, transaction status, relationships with related parties, etc.)
d) Information necessary for responding to your inquiries and applications (content of inquiries, records of responses, other attributes and related information of services required for responses, etc.)
e) Personal data items listed in each category of the EY Global Privacy Statement
(2) Purposes of joint use and sharing of personal data include the following:
a) To perform related services provided by Network Member Firms
b) To respond to your inquiries and requests
c) To provide information on the services, seminars, and publications of Network Member Firms
d) To enable Network Member Firms to comply with applicable laws and regulations
e) To perform internal management controls including conflict checks, risk management and quality controls
f) To perform operation of services or use supporting services, such as for: IT; document production, management, and archiving; use of business operation tools and applications; security; and systems for business continuity/disaster recovery purposes
g) To conduct analysis, research and development, recommendations in relation to services of Network Member Firms, as well as to improve their provision of services
h) For the purposes described in the EY Global Privacy Statement
The Network Member Firms that may share and jointly use personal data are member firms of the EY Global network and can be found here
The person and entity in charge of managing joint use of personal data is set out below:
EY Social Insurance and Labor Advisors Corporation
Address: Tokyo Midtown Hibiya, Hibiya Mitsui Tower,
1-1-2 Yurakucho, Chiyoda-ku, Tokyo
9. Transfer of personal data to outside countries
EY Global Network Member Firms operate in more than 150 countries across the globe. Therefore, your personal data may be transferred to and stored outside the country in which you are located. Please refer to the following for further information on the entities and their locations.
Please also refer to the "Transfers of personal data" and "Support providers" section in the EY Global Privacy Statement regarding the transfer of personal data to outside countries.
10. EY’s Binding Corporate Rules
EY has established a Data Protection Binding Corporate Rules Program (BCR) to comply with European data protection law and other applicable laws and regulations. EYSH, members of EY Japan firms and EY Network Member Firms comply with the BCRs for the protection of personal data.
11. Disclosure and correction of personal data
In accordance with the Act on Protection of Personal Information of Japan (APPI) and other applicable laws and regulations, EYSH will disclose at your request the personal data that we hold about you according to the applicable procedures. If you inform us that your personal data is inaccurate, we will review and correct, add or delete the data as required in accordance with applicable laws, regulations and procedures.
If you have an inquiry, complaint or a request such as for the disclosure or rectification of your personal data which is processed by us, please contact: