Privacy Notice – vx360

16 October 2020

1. Introduction

This Privacy Notice is intended to describe the practices EY follows in relation to vx360 (the “Tool”) with respect to the privacy of all individuals whose personal data is processed and stored in the Tool. This Privacy Notice should be read together with the ey.com Privacy Statement, and in case of any conflict with the ey.com Privacy Statement, the terms of this Privacy Notice will prevail.  Please read this Privacy Notice carefully. 

2. Who manages the Tool?

“EY” refers to one or more of the member firms of Ernst & Young Global Limited (“EYG”), each of which is a separate legal entity and can determine the purposes and means for data processing in its own right (i.e. act as a data controller or in a similar capacity). The entity that is acting as data controller (or similar capacity) by providing this Tool on which your personal data will be processed and stored is Ernst & Young LLP. Ernst & Young LLP licenses the Tool from MediaCom.

The personal data in the Tool may be shared by Ernst & Young LLP with one or more member firms of EYG (see “Who can access your personal data” section 6 below).

The Tool is hosted on AWS servers located in the U.S.

3. Why do we need your personal data?

The Tool is used to facilitate the EY Strategic Growth Forum (the “SGF”). Your personal data processed in the Tool is used to enable you to access the Tool and to participate in the SGF.

We process your personal data based on your consent. The provision of your personal data to EY is optional. However, if you do not provide all or part of your personal data, we may be unable to carry out the purposes for processing. You have the right to withdraw your consent at any time.

4. What type of personal data is processed in the Tool?

The Tool processes these personal data categories:

  • Information that appears in your attendee profile:
    • First name
    • Last name
    • Company name
    • City
    • State
    • Country
    • Bio
  • Any information inputted via chats

This data is sourced from your SGF registration submission in the EY Cvent event registration tool, and via direct inputs into the Tool.

5. Sensitive personal data

Sensitive personal data reveals your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health or data concerning sex life or sexual orientation.

EY does not intentionally collect any sensitive personal data from you via the Tool. The Tool’s intention is not to process such information.

6. Web Beacons

EY occasionally advertises on third-party web sites. As part of our effort to track the success of our advertising campaign in connection with the SGF, we use a visitor identification technology such as a “web beacon” or a “pixel”, which counts visitors who have come to the Tool SGF registration page after being exposed to an EY banner ad on a third-party site. We do not use this technology to access your personal information and it is only used to compile aggregated statistics about visitors who come to the Tool in order to gauge the effectiveness of our ads. The web beacon used as part of the Tool is provided by Verizon Media, and data collected via the web beacon is retained for no longer than one month after the completion of the SGF. To learn more about your choices in connection with the use of the web beacon,  click here or here. To opt out of the use of the web beacon, click here.

7. Who can access your personal data?

Your personal data is accessed in the Tool by the following persons/teams:

  • All event attendees have access to your profile information in the Tool
  • Only you and other participants in your chats have access to information inputted into chats
  • Mvrk and Verizon personnel who support the Tool
  • EY personnel who support the Tool and facilitate the SGF

The access rights detailed above may involve transferring personal data in various jurisdictions in which EY operates (EY office locations are listed at www.ey.com/ourlocations). An overview of EY network entities providing services to external clients is accessible here (See Section 1 (About EY) - “View a list of EY member firms and affiliates”). EY will process your personal data in the Tool in accordance with applicable law and professional regulations in your jurisdiction. Transfers of personal data within the EY network are governed by EY’s Binding Corporate Rules.

8. Sharing your information

We may also transfer or disclose the personal data we collect to third-party service providers (and their subsidiaries and affiliates) who are engaged by us to support our internal ancillary processes. For example, we engage service providers to provide, run and support our IT infrastructure (such as identity management, hosting, data analysis, back-up, security and cloud storage services) and for the storage and secure disposal of our hard copy files. It is our policy to only use third-party service providers that are bound to maintain appropriate levels of data protection, security and confidentiality, and that comply with any applicable legal requirements for transferring personal data outside the jurisdiction in which it was originally collected.

To the extent that personal data has been deidentified, aggregated or otherwise rendered anonymous in such a way that you or your device are no longer reasonably identifiable, such information will be treated as non-personal data and the terms of this Privacy Notice will not apply.

For data collected in the European Economic Area (EEA) or which relates to individuals in the EEA, EY requires an appropriate transfer mechanism as necessary to comply with applicable law. The transfer of personal data from the Tool to MediaCom and its subprocessors Verizon and Mvrk is governed by an agreement between EY and the service provider that includes standard data protection clauses adopted by the European Commission.

9. Data retention

Our policy is to retain personal data only for as long as it is needed for the purposes described in the section “Why do we need your personal data”.

Personal data will be retained in the Tool for no longer than one month after the completion of the SGF, after which it will be deleted.

10. Security

EY protects the confidentiality and security of information it obtains in the course of its business. Access to such information is limited, and policies and procedures are in place that are designed to safeguard the information from loss, misuse and improper disclosure. Additional information regarding our approach to data protection and information security is available in our Protecting your data brochure.

11. Controlling your personal data

EY will not transfer your personal data to non-EY third parties (other than any external parties referred to in section 6 above) unless we have your permission or are required by law or professional obligation to do so.  

You may be legally entitled to request details of EY’s personal data about you.

To confirm whether your personal data is processed in the Tool or to access your personal data in the Tool or (where applicable) to withdraw your consent, contact your usual EY representative or email your request.

12. Rectification, erasure, restriction of processing or data portability

You can confirm your personal data is accurate and current. You can request rectification, erasure, restriction of processing or a readily portable copy of your personal data by contacting your usual EY representative or by sending an email.

13. Complaints

If you are concerned about an alleged breach of privacy law or any other regulation, contact EY’s Global Privacy Leader, Office of the General Counsel, 6 More London Place, London, SE1 2DA, United Kingdom or via email or via your usual EY representative. An EY Privacy Leader will investigate your complaint and provide information about how it will be handled and resolved.

If you are not satisfied with how EY resolved your complaint, you have the right to complain to your country’s data protection authority. You can also refer the matter to a court of competent jurisdiction.  

Certain EY member firms in countries outside the European Union (EU) have appointed a representative in the EU to act on their behalf if, and when, they undertake data processing activities to which the EU General Data Protection Regulation (GDPR) applies. Further information and the contact details of these representatives are available here.

14. California Residents

If you are a resident of the State of California, you may have certain additional rights with respect to your personal data.  Please visit our California Privacy Statement for more information. EY does not sell personal information collected in connection with the Tool.

15. Contact us

If you have additional questions or concerns, contact your usual EY representative or via email.