Personal Data Protection Notice

05 November 2019


This Personal Data Protection Notice (“Notice”) sets out Ernst & Young’s (comprising the partnership of Ernst &Young, incorporated under the laws of Malaysia, Ernst & Young Tax Consultants Sdn Bhd, Ernst & Young Advisory Services Sdn Bhd collectively referred to in this Notice as “EY”) personal data protection practices that will be followed to respect the personal data of individuals who deal with EY. This notice is provided in accordance with the Personal Data Protection Act 2010 (“the Act”) and the personal data protection principles which are set out in the Act.

Collection of information

The type of data collected by EY regarding individuals generally includes the following:

  • Names
  • Addresses (including email addresses)
  • Telephone and facsimile numbers
  • Date of birth
  • Occupation
  • Gender
  • Education
  • Details about next of kin including spouse and children’s names
  • Financial details
  • Membership of professional associations

Such data, where it relates directly or indirectly to a specific individual may fall within the definition of personal data under the Act and as such, all acts of processing such personal data will be carried out in compliance with the Act. Under the Act, “processing” includes the acts of collecting, recording, holding or storing personal data.

EY will collect personal data where it is required for carrying out one or more of its functions or activities. EY will collect the personal data only by lawful and fair means and not in an unreasonably intrusive way.

If it is reasonable and practical to do so, EY will collect personal data about an individual directly from the individual concerned. EY may also collect personal data from a variety of other sources, including without limitation at any events, conferences, seminars or talks organised or sponsored by EY and/or from the cookies used on this website.

The purposes for which EY processes personal data

Among the purposes for which EY processes personal data include the following (non-exhaustive):

  • To consider potential employee’s applications for employment by the firm
  • To open and administer client accounts
  • To provide services to clients
  • To administer independent contractors of the firm
  • For marketing and sales initiatives such as EY publications, events and business programs such as “Entrepreneur of the Year”
  • Direct marketing purposes
  • For EY to comply with its obligations under law

Use and disclosure

As a general rule, EY will not use or disclose personal data about an individual other than for its primary purpose of collection, unless:

  • The individual has consented to the use or disclosure
  • The use or disclosure is required or authorized by or under law
  • The use or disclosure is reasonably necessary for a specified purpose by or on behalf of a regulatory or enforcement body

With regards to EY’s direct marketing activities:

  • EY will not charge the individual for giving effect to a request not to receive direct marketing communications
  • Any individual who receives direct marketing communication from EY may contact or email EY’s Personal Data Protection Compliance Officer at the contact details below to “unsubscribe” or not receive any further direct marketing communications

Personal data integrity

EY will take reasonable steps to make sure that the personal information it collects, uses or discloses is accurate, complete, not misleading and up-to-date

Personal data security

EY will take reasonable steps to protect the personal data it holds from loss, misuse, modification, unauthorized or accidental access or disclosure, alteration or destruction.

EY will not keep personal data for longer than is necessary and will take reasonable steps to destroy or permanently de-identify personal data.

Access and correction

In accordance with the Act, EY may on request by an individual, provide them with access to their personal data and consider a request for correction of that data.

EY’s decision to provide such access or consider any request for correction of the personal data as it appears in EY’s records is subject always to any exceptions under applicable laws and/or the Act.

EY may decide to impose a charge upon the individual to cover the cost of verifying a request for information and locating, retrieving, reviewing and copying any material requested.

In accordance with the Act, an individual may forward a written request to EY’s Personal Data Protection Compliance Officer to stop processing personal data.

Disclosure to third parties

EY may disclose personal data to certain third parties to perform functions on EY’s behalf, and consequently may provide access or disclose personal data to the third parties such as those listed below (not exhaustive):

(a) Information technology (IT) service providers

(b) Data entry service providers

(c) Storage facility service providers

(d) Banks and financial institutions

(e) Insurance providers

(f) Any professional advisers and external auditors

(g) Regulatory and governmental authorities in order to comply with statutory and government requirements.

How can an individual contact EY with any inquiry/ complaint regarding personal data protection?

He/ She may email EY Malaysia or write to the following address:

Personal Data Protection Compliance Officer

Ernst & Young

Level 23A Menara Milenium

Jalan Damanlela, Pusat Bandar Damansara

50490 Kuala Lumpur


Tel: +603-7495 8000