Ernst & Young Tax Co.
handling of personal information by member firms in Japan
Ernst & Young Tax Co (“EYTAX”) is a member of the global organization of independent member firms of Ernst & Young Global Limited (“EY Global”), each of which is a separate legal entity (an “EY Member Firm”).
EYTAX handles personal information for various purposes. EYTAX appropriately handles and strives to protect personal information in compliance with the requirements of the Act on the Protection of Personal Information of Japan (the “Act”) and other applicable laws and regulations.
Please refer to the link below for details on our entity name, our office location and the name of our representative.
2. Our privacy policies
(2) EY Global privacy statement
EY Member Firms and other entities in the EY organization handle personal information for various purposes.
EY Global has established an EY Global Privacy Statement (hereinafter, “EY Global Privacy Statement”). EYTAX complies with the EY Global Privacy Statement to the extent permitted under the Act and other applicable laws and regulations.
(3) Other specific privacy statements
EYTAX may provide separate privacy statements (which may include rules on the handling of personal information in contracts for specific services or in other documents; hereinafter, the “other specific privacy statements”), or may ask for consents, with regard to specific services that EYTAX offers. EYTAX will also comply with these other specific privacy statements.
(4) Collection and handling of personal information obtained from browsing and using EY websites
The cookie function can be disabled by changing the user’s browser settings. In addition, installing the Google Analytics Opt-out Browser Add-on will allow the user to change their browser settings and prevent the collection of user data through the use of Google Analytics. You may view Google’s statements and terms at the links below:
3. Collection and use of personal information
(1) EYTAX collects and handles personal information related to the services that it offers. Personal information includes:
a) information from which an individual can be identified (including name, age, gender, titles, contact information, and address); and
b) information provided by the data subject or by other individuals or entities that is required for EYTAX’s provision and administration of services (including logs of communications, usage and browsing when providing or using services and facilities, etc.).
(2) Please refer to the EY Global Privacy Statement and other specific privacy statements for further details on the categories of information processed for specific services.
4. Purposes of use of personal information
(1) Purposes of use of personal information
EYTAX collects and handles personal information for the following purposes:
a) to properly perform the services that it offers;
b) to respond to inquiries and requests;
c) to provide information on services, seminars and publications, etc.;
d) to comply with legal and regulatory obligations;
e) to conduct internal management functions such as conflicts checking, risk management and quality reviews;
f) to use IT, document management and archiving, and business tools and applications; for security; and to respond to emergencies or other problems;
g) to conduct analysis, research and development, and recommendations on the performance and improvement of services, as well as to enhance the services it offers; and
h) to select and hire personnel, and to manage personnel after hiring.
(2) Please refer to the EY Global Privacy Statement and other specific privacy statements for further details on the purposes for specific services.
5. Restrictions on use and provision
EYTAX will not use personal information for any purpose other than the purposes of use specified herein, or disclose personal information to any third party, unless the data subject’s consent is obtained, or disclosure is required by laws and regulations, or where there is a legitimate reason within the scope permitted by applicable laws and regulations.
6. Security control measures
EYTAX will take necessary measures to prevent leakage of, loss of, or damage to any personal information it collects, and to carry out other appropriate organizational, human, physical and technical security control of such collected personal information. EYTAX will securely handle collected personal information in accordance with any personal information protection policies. In addition, EYTAX will be cognizant of the requirements for its compliance with relevant laws and regulations, as well as the status and effectiveness of its security control measures, and will take remedial actions as necessary.
7. Support providers
EYTAX and other EY Member Firms may outsource the handling of personal data to other EY Member Firms or to external support providers for purposes such as:
a) administrative support, including printing, document preparation and management, archiving, and translation services;
b) accounting, finance and billing support;
c) information systems, including system management and security, data storage, business applications, and back-up or duplication and retention for business continuity/disaster recovery purposes;
d) conflicts checking, risk management and quality reviews; and
e) business analysis, research and development, and service improvements.
Pursuant to appropriate contracts, EYTAX will supervise the external support providers as necessary and appropriate to ensure that the external support providers control the security of personal data.
8. Joint use of personal data
EYTAX and other EY Member Firms (collectively, “Network Member Firms” in this paragraph 8) may jointly use and share personal data to the extent necessary.
(1) Items of personal data to be jointly used
Items of personal data to be jointly used to the extent necessary for the services or the purposes listed below include:
a) information about personal attributes (name, address, date of birth, affiliation, title, telephone number, other contact information, other attribute information related to provided services, etc.);
b) information necessary in connection with the provision of services (type and details of services provided, materials required for performing the services, communication records, service needs, etc.);
c) information necessary for determination and management of the provision of services (service usage, transaction status, relationships with related parties, etc.);
d) information necessary for responding to inquiries and applications (content of inquiries, records of responses, attributes necessary for responses, service-related information, etc.); and
e) the personal data items listed under each category in the EY Global Privacy Statement.
(2) Purposes of joint use
a) to perform services provided by and relevant to Network Member Firms;
b) to respond to inquiries and requests;
c) to provide information on Network Member Firms’ services, seminars, and publications;
d) for Network Member Firms to comply with applicable laws and regulations;
e) for Network Member Firms to implement internal management controls including conflicts checking, risk management and quality reviews;
f) to manage services, or to receive business support services, for purposes of IT, document preparation and management, archiving, business tools and applications, security, responding to emergencies, and other related purposes;
g) to conduct analysis, research and development, and recommendations on the performance and improvement of Network Member Firms services, and to enhance the services they offer; and
h) for the purposes described in the EY Global Privacy Statement.
(3) Scope of joint users
Network Member Firms may share and jointly use personal data.
Firm names and locations can be found at the following link:
(4) Entity responsible for management of joint use of personal data
Ernst & Young Tax Co.
Information on its location and representative can be found at the following link:
9. Cross-border transfers of personal data
(1) In performing services, EYTAX may transfer personal data outside the country in which you are located.
(2) Establishment of system to protect personal data
EY Member Firms have established and comply with various commonly-applied internal policies regarding the protection of personal information and handling of data, including the EY Data Protection Binding Corporate Rules, and thereby have established a system to protect personal information by addressing matters including proper acquisition of personal information and disclosure of the purpose of use, maintenance of accuracy, specification of the purpose of use and utilization of personal information within the scope of that purpose, security controls, appropriate disclosure of relevant matters, honoring individuals’ rights, responses to accidents and the handling of complaints.
(3) Please refer to the following link for further information on EY Member Firms.
For further information on cross-border transfers of personal data, please refer to the relevant sections of the EY Global Privacy Statement (under Transfers of personal data and Support providers) and the EY Data Protection Binding Corporate Rules.
10. The EY Data Protection Binding Corporate Rules
In order to comply with the EU General Data Protection Regulation (GDPR) and other laws and regulations applicable in various jurisdictions, and to protect personal data, EY Global has established the EY Data Protection Binding Corporate Rules, with which EY Member Firms, including EYTAX, comply.
In addition to compliance with applicable laws and regulations, the EY Data Protection Binding Corporate Rules provide rules for each EY Member Firm’s handling of personal data within the scope of the purpose of use, taking appropriate security measures, ensuring through contractual obligations that service providers to EY Member Firms also adopt appropriate security measures, providing information in accordance with and to the extent required by applicable law, honoring individuals’ rights, reporting any data breaches, providing appropriate training to EY personnel, and assessing of compliance protocols.
11. Disclosure and correction of retained personal data
Upon receiving a request from a data subject about retained personal data, EYTAX will follow the prescribed procedures regarding disclosure, etc., of retained personal data in accordance with the Act and other applicable laws and regulations. Upon receiving a request to address retained personal data stating that the data is untrue, EYTAX will confirm the particulars of the request, and in accordance with the Act shall handle the request in accordance with the prescribed procedures by correcting, deleting or making additions to the retained personal data.
Requests may be filed by submitting a request form as prescribed by EYTAX and may require payment of a fee.
If you have an inquiry, complaint or a request, such as for the disclosure of your personal information, please contact:
Ernst & Young Tax Co.
Tokyo Midtown Hibiya, Hibiya Mitsui Tower
1-1-2 Yurakucho, Chiyoda-ku, Tokyo 100-0006