EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.
Insights
Asking the better questions that unlock new answers to the working world's most complex issues.
Services
EY helps clients create long-term value for all stakeholders. Enabled by data and technology, our services and solutions provide trust through assurance and help clients transform, grow and operate.
Industries
Discover how EY insights and services are helping to reframe the future of your industry.
See more
Case studies
Strategy and Transactions
How a cosmetics giant’s transformation strategy is unlocking value
13 Sep 2023Nobuko Kobayashi
About us
At EY, our purpose is building a better working world. The insights and services we provide help to create long-term value for clients, people and society, and to build trust in the capital markets.
See more
Top news
Press release
Employers in Singapore drive higher GenAI adoption and continue to value flexible work arrangements
30 Oct 2024Singapore, SG
Press release
18 Oct 2024Singapore, SG
Recent Searches
Trending
-
How can you shape your IPO with confidence?
The EY Global IPO Trends Q3 2024 covers the news and insights on the global, area and regional IPO markets for Q3 and year-to-date 2024. Find out more.
25 Sep 2024 Private business -
How can the moments that threaten your transformation define its success?
Leaders that put humans at the center to navigate turning points are 12 times more likely to significantly improve transformation performance. Learn More.
15 Apr 2024 Consulting -
Artificial Intelligence
EY.ai - a unifying platform
16 Nov 2023 AI
EY Singapore Personal Data Protection Notice
November 2024
Introduction
This Data Protection Notice (Notice) sets out the basis upon which the Ernst & Young entities incorporated in Singapore, which include but are not limited to Ernst & Young LLP, Ernst & Young Solutions LLP, Ernst & Young Holdings Pte. Ltd., The Parthenon Group, Singapore Pte Ltd, EY Corporate Services Pte Ltd, Ernst & Young Advisory Pte Ltd, EY Corporate Advisors Pte Ltd, Ernst & Young Corporate Finance Pte Ltd and Atlas Asia Law Corporation (referred to as “EY”, “we”, “us”, or “our”) may collect, use, disclose or otherwise process your personal data in accordance with the Personal Data Protection Act 2012 (PDPA). This Notice applies to personal data in our possession or under our control, including personal data in the possession of the Ernst & Young global network of firms and organisations which we have engaged to collect, use, disclose or process personal data on our behalf and for our purposes.
The purposes listed in the clauses may continue to apply even in situations where your relationship with us (for example, pursuant to your engagement, procurement or other contract or engagement with us) has been terminated or altered in any way for a reasonable period, thereafter, including where applicable, a period to enable us to enforce our rights under a contract with you.
-
This Notice applies to all EY personnel, our prospective and current clients, clients’ customers and/or clients’ personnel for the purpose of rendering professional services to our clients.
-
As used in this Notice, “personal data” means data, whether true or not, about an individual who can be identified:
- From that data
- From that data and other information to which we have or are likely to have access.
Other terms used in this Notice shall have the meanings given to them in the PDPA (where the context so permits).
-
EY processes personal data for a variety of purposes. We collect this personal data directly from you, for example, if you engage us to provide services to you, if you visit ey.com “our Site”, if you submit your contact details to receive marketing communications from us, if you submit event-related data to attend EY events or submit a job application via the EY careers website or if we have hired you as third-party vendors, suppliers or subcontractors.
Alternatively, we process your personal data in the context of providing professional services to your employer or service provider, for example these may include but not be limited to conducting an audit of your bank or service provider, filing tax returns for your employer, or carrying out payroll services for the company you work for. Finally, we obtain your personal data via publicly available sources, such as LinkedIn. This Notice is intended to cover all the above-mentioned scenarios.
Your personal data will be collected, used or disclosed to third parties by us for the purposes below if you fall within any of the following categories of data subjects:
-
Effective delivery of information and services to you, and the effective and lawful operation of our businesses
Developing and improving our site and your user experience
-
Nominations require personal and financial data shared with program sponsors and judges. Refer to the program's privacy notice for more details
-
We collect, use and disclose this information:
- To provide services to you
- To manage our relationship and contracts
- For accounting and tax purposes
- For marketing and business development, with your consent
- To comply with our legal, regulatory, professional obligations and internal policy compliance requirements
- To establish, exercise or defend legal rights
- For historical and statistical purposes
- For investigations carried out in relation internal policy compliance or breach assessments and/or as per law enforcement authority or regulators instructions
-
Individuals whose personal data we obtain in connection with providing services to our clients
- Personal, contact, financial and special category data as needed for services
- Ensuring consistent and quality services for clients
-
To assist in insolvency procedures, including communication with creditors, statutory returns and legal obligations.
-
For marketing and communication purposes To manage relationships with business contacts and provide information about EY, our services and events
-
To manage event registration, including names, contact info, dietary restrictions and more
To provide information about EY, our services and events we organize
-
In instances where processed personal data goes beyond basic contact information used for application authentication purposes, such applications will contain their own privacy notices. Users should consult the application's privacy notice for details
-
-
EY uses social media to:
- Provide you with easy access to relevant information regarding job opportunities at EY and events we organize and to promote our services and brand.
- Assess aggregate data relevant for our pages, such as statistical and analytical data triggered by our content. Users should consult the platform's privacy notice for details.
-
Our site includes plugins for Facebook and YouTube, and the functions of Twitter and Instagram services. Users should consult the platforms’ privacy notices for details.
-
EY uses LinkedIn Lead Gen Forms for EY sponsored content and sponsored LinkedIn InMails for recruitment and marketing campaigns. Users should consult the platform's privacy notices for details.
Our site uses the Google Maps map service via an application programming interface (API). Users should consult the platform's privacy notices for details.
Promoting EY services and brand, in attracting, identifying and sourcing talent, and to improve your website experience and to optimise our services.
-
-
Legal ground for processing personal data of individuals who correspond with EY via email:
- To maintain the security of our IT infrastructure.
- Analysing email traffic.
-
Maintaining communication networks.
-
EY collect personal data from the following sources:
- To process and manage applications for roles at EY, including the screening and selecting of candidates.
- To hire and onboard candidates by making an offer to successful candidates and carrying out pre-employment screening checks.
- To manage our career websites, including conducting statistical analyses.
- Compliance with a legal or regulatory obligation when carrying out background checks to warrant a candidate is eligible to work.
-
Maintaining a strong relationship with our alumni, sending publications about EY and our services, inviting alumni to events and helping alumni keeping in touch with other alumni
-
Legal grounds for processing personal data of our supplier are:
- In order to manage our relationship and contract, and to receive services from our suppliers.
- To understand any conflict of interest or challenge with regard to independence legislation.
- To safeguard against EY inadvertently dealing with the proceeds of criminal activities or assist in any other unlawful or fraudulent activities (This may include terrorism, money laundering, bribery and corruption, breach of applicable laws) and any related investigations carried out either internally by EY, external regulators or law enforcement authorities.
-
EY/Ethics offers a confidential platform to report unethical or illegal behaviour violating our Code of Conduct. Please review the EY/Ethics privacy notice and consent form for details.
-
To provide you with certain facilities, to control access to our buildings, and to protect our offices, personnel, goods and confidential information.
-
-
In compliance with the PDPA, we may collect, use or disclose your personal data without your consent for the legitimate interests of EY or another person. Before relying on the legitimate interests exception under the PDPA, EY will assess the likely adverse effects on you and determine whether its legitimate interests outweigh any adverse effect.
In addition to what has been mentioned herein this Notice and in line with the legitimate interests exception, we will collect, use or disclose your personal data for the following purposes:
- Fraud detection and prevention.
- Detection and prevention of misuse of services.
- Network analysis to prevent fraud and financial crime and perform credit analysis.
- Collection and use of personal data on company-issued devices to prevent data loss.
The purposes listed in the above clause may continue to apply even in situations where your relationship with us (for example, pursuant to a contract) has been terminated or altered in any way, for a reasonable period thereafter.
-
The consent that you provide for the collection, use and disclosure of your personal data will remain valid until such time it is being withdrawn by you in writing. To the extent that you have consented to the collection, use or disclosure of your personal data for any of the purposes listed above, you may withdraw consent and request us to stop collecting, using or disclosing your personal data by submitting your request in writing or via email to our Data Protection Officer at the contact details provided below.
Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process and effect your request within ten (10) business days of receiving it.
Whilst we respect your decision to withdraw your consent, please note that depending on the nature and extent of your request, we may not be in a position to provide you the service or process your initial request for which you shared your personal data. We shall, in such circumstances, notify you before completing the processing of your request (as outlined above). Should you decide to cancel your withdrawal of consent, please inform us in writing in the manner described in the section titled “Data Protection Officer”.
Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclose without consent is permitted or required under applicable laws.
-
If you wish to make:
- An access request for access to a copy of the personal data which we hold about you or information about the ways in which we use or disclose your personal data
- A correction request to correct or update any of your personal data which we hold, you may submit your request in writing or via email to our Data Protection Officer at the contact details provided below.
Please note that a reasonable fee may be charged for an access request. If so, we will inform you of the fee before processing your request.
We will respond to your request as soon as reasonably possible. In general, our response will be within thirty (30) days. Should we not be able to respond to your access request within thirty (30) days after receiving your access request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to provide you with any personal data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA).
-
This Notice applies to all EY personnel, our prospective and current clients, clients’ customers and/or clients’ personnel for the purpose of
- EY protects the confidentiality and security of information it obtains in the course of its business. Access to such information is limited and policies and procedures are in place that are designed to safeguard the information from loss, misuse and improper disclosure. Additional information regarding our approach to data protection and information security is available in our Protecting your data (pdf).
- To safeguard your personal data from unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks, we have introduced appropriate administrative, physical and technical measures such as minimized collection of personal data, authentication and access controls (such as good password practices, need-to-basis for data disclosure, etc.), encryption of data, data anonymisation, up-to-date antivirus protection, regular patching of operating system and other software, securely erase storage media in devices before disposal, web security measures against risks, and security review and testing performed regularly.
-
We generally rely on personal data provided by you (or your authorised representative). In order to ensure that your personal data is current, complete and accurate, please update us if there are changes to your personal data by informing our Data Protection Officer in writing or via email at the contact details provided below.
-
We may retain your personal data for as long as it is necessary to fulfil the purposes for which they were collected, or as required by EY’s internal policies and processes or permitted by applicable laws.
We will cease to retain your personal data or remove the means by which the data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purposes for which the personal data were collected and are no longer necessary for legal or business purposes.
-
Our Site is not intended for use by minors under the age of sixteen (16) years. EY does not knowingly collect, disclose, or sell the personal data of minors under 16 years of age through our Site. If you are under 16 years old, please do not provide any personal data even if prompted to do so. If you believe that you have inadvertently provided personal data, please ask your parents or legal guardians to notify us and we will delete your personal data.
-
EY member firms operate in more than 150 countries across the globe. Certain aspects of the EY infrastructure are centralized, including information technology services provided to member firms. In addition, where engagements with EY clients span more than one jurisdiction, certain information will need to be accessed by all those within the EY organization who are working on the matter. Therefore, your personal data will be transferred to and stored outside the country in which you are located, including countries with differing privacy laws.
We will take steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that provided under the PDPA.
-
You may contact our Data Protection Officer if you have any enquiries or feedback on our personal data protection policies and procedures, or if you wish to make any request in the following manner:
Contact No. : 65357777
Email Address : dpo@sg.ey.com
Address : Level 18 One Raffles Quay Singapore 048583
-
This Notice applies in conjunction with any other policies, notices, contractual clauses and consent clauses that apply in relation to the collection, use and disclosure of your personal data by us.
We may revise this Notice from time to time without any prior notice. You may determine if any such revision has taken place by referring to the date on which this Notice was last updated.
Effective date : 11/12/2023
Last updated : 11/12/2023