Last updated: 13 May 2019 (rewritten text)
This Privacy Notice is intended to describe the practices which EY follows in relation to EY Finance Navigator (hereafter also: “Tool”) with respect to the privacy of all individuals whose personal data is processed and stored in the Tool.
2. Who manages the Tool?
“EY” refers to one or more of the member firms of Ernst & Young Global Limited (“EYG”), each of which is a separate legal entity, and each of which can act as a data controller in its own right. The entity that is acting as data controller by providing this Tool on which your personal data will be processed and stored is EY Advisory Netherlands LLP.
The personal data which you provide in the Tool may be shared by EY Advisory Netherlands LLP with one or more member firms of EYG located throughout the world (see “Who can access your information” section below).
The Tool is hosted on Microsoft Azure servers that are located in Amsterdam.
3. Why do we need your information?
The purpose of the Tool is to assist you – as an entrepreneur – to build financial models that can help you better assess the financial impact of your business decisions. EY Finance Navigator will help you create a complete financial model presented in financial statement format and dashboards. EY Finance Navigator will help you understand financial terms and provide automatically generated checks and tips to improve the completeness of the information.
If you would like to sign up to the use of EY Finance Navigator functionalities (building financial models dashboard, forecast etc.), we will be processing additional data, such as your name, contact and address details, date of birth, country, password, company details and your IP address. In order for you to pay both the verification fee and the access fee, we will be providing your details to our payment provider, Ingenico Financial Services SA/NV (“Ingenico”). Ingenico is acting as a controller in its own right with regard to the payment process. For additional information see paragraph 5 below.
In addition, we could use your data (in anonymized form) for benchmarking purposes and for creating industry outlook reports. This will help you and other clients of EY Finance Navigator to strengthen the assumptions and assess and compare various aspects of your business to peers. The benchmarking information is displayed in an anonymized way so there is no direct comparison between companies. Industry outlook reports may be shared publicly, but data is shared in an anonymized way.
EY relies on the following basis to legitimize the processing of your personal data in the Tool: Processing is necessary for the performance of your contract with EY allowing you to properly use EY Finance Navigator.
The provision of your personal data to EY is mandatory in order to use EY Finance Navigator. Please be aware that if you do not provide us with all or part of your personal data, we may not be able to carry out the purposes for processing which are set out above.
4. What type of personal data is processed in the Tool?
The Tool processes (but is not limited to processing) the following categories of personal data: first name, last name, date of birth, address, postal code, city, country, IP address, e-mail, location (country) and password.
If you have already established a company, in addition to your personal details as mentioned above, the following company information may be processed within EY Finance Navigator but is not limited to: company name, address, postal code, city, country of registration, VAT number, the year company was founded, (sub-)sector, currency used, website, Chamber of Commerce number, company description.
In addition, we may be processing financial information such as historical and forecasted revenues, costs, operating expenses (incl. personnel), investments in assets (incl. deprecation years), funding requirements, market size data, current bank balance/funding raised and working capital terms.
This data is sourced from your input within EY Finance Navigator.
5. Payment provider
If you subscribe to EY Finance Navigator functionalities you are required to pay a verification fee (for “Know Your Client” purposes) and an access fee. We will provide our payroll provider Ingenico with the data relevant for the payment process. Ingenico will be processing your preferred payment method IP address and bank account/credit card details you enter. EY will receive a confirmation from Ingenico if the payment transaction was successful. EY will not be processing or storing your bank account details or your credit card information.
Ingenico will use your personal data to comply with its legal obligation under applicable legislation relating to fraud monitoring and the fight against money laundering and the financing of terrorism. Ingenico will not communicate your personal data to any third parties, except (i) if necessary for the execution of your payment, and (ii) if Ingenico is required, in accordance with applicable legislation, to communicate personal data to the Belgian Financial Intelligence Processing Unit (CTIF-CFI), the National Bank of Belgium, or any other legal or administrative or law enforcement authority. This shall also apply if data is communicated to the persons listed above in a country that is not a member of the European Economic Area but guarantees an adequate level of protection, or in a country that does not offer such adequate level of protection, providing that Ingenico obtained adequate contractual guarantees (EU model clauses) from such recipients. You are entitled to consult your data and to obtain correction supplementation or blocking of inaccurate data, by written request sent to Ingenico Financial Solutions SA/NV, Legal Department “Data Protection”, Boulevard de la Woluwe 102, B-1200 Brussels (Belgium) or send an email to firstname.lastname@example.org.
6. Sensitive Personal Data
We will not be processing sensitive personal data in the Tool. Your bank account and/or credit card information may be processed by our payment provider Ingenico.
7. Who can access your information?
Your personal data may be accessed in the Tool by the following EY persons/teams:
· EY Finance Navigator team based in The Netherlands will have read-only access;
· EY’s IT department will have access to the Tool for IT support purposes.
In addition, the following parties may have access to your personal data:
· The Tool is hosted by Microsoft on an Azure platform in Amsterdam;
· Ingenico Financial Solutions SA-NV, based in Belgium will process your account payments and will have access to your personal data required to facilitate the payment of the subscription fee.
The access rights detailed above may involve the transfer of personal data in various jurisdictions (including jurisdictions outside the European Union) in which EY operates (EY office locations are listed at www.ey.com). EY will process your personal data in the Tool in accordance with applicable law and professional regulations. Transfers of personal data within the EY network are governed by EY’s Binding Corporate Rules (www.ey.com/bcr).
8. Data retention
The policies and/or procedures for the retention of data in the Tool are as follows: Your personal data will be deleted within 12 months after your access to EY Finance Navigator has expired and has not been renewed. Please make sure to export and save your data before ending your account with EY Finance Navigator.
Ingenico will retain the data regarding your payments for a period of maximum 540 calendar days.
After the end of the data retention period specified in the policies and/or procedures set out above, your data will be deleted.
EY is committed to making sure that your personal data is kept secure. In order to prevent unauthorized access or disclosure, EY has put in place appropriate technical and organizational measures to safeguard and secure your personal data. All EY personnel and any third parties which EY engages to process your personal data are obliged to respect the confidentiality of your data.
10. Controlling your personal data
EY will not sell, distribute or lease your personal data to third parties (other than those parties referred to in section 7 above) unless we have your permission or are required by law to do so.
You are legally entitled to request details of the personal data which EY holds about you. If you would like to obtain confirmation as to whether or not your personal data is processed in the Tool or if you would like to access your personal data in the Tool, please contact us via email@example.com.
11. Rectification, erasure or restriction of processing
EY provides you with the ability to make sure your personal data is accurate and up to date. You can request rectification, erasure or restriction of processing of your personal data by sending an e-mail to firstname.lastname@example.org. We will use reasonable efforts to contact you regarding your request.
If you are concerned about an alleged breach of privacy law or any other regulation by EY, you can contact EY’s Privacy Officer via email at email@example.com. An EY Privacy Officer will be made available to investigate your complaint and give you information about how it will be handled.
If you are not satisfied with the way in which EY has resolved your complaint, you have the right to complain to the data protection authority in your country. You may also refer the matter to a court of competent jurisdiction.
13. Contact us
If you have questions or you do not feel that your concerns have been addressed in this Privacy Notice, please contact your usual EY representative, or you can reach us via firstname.lastname@example.org.