Notice on Personal Data Protection Policy And Personal Data Processing

Introduction

This Notice on Personal Data Protection Policy And Personal Data Processing (“Notice”) describes how the EY Network Firms established and operating in Vietnam (“We” or “EY”) collect and use your Personal Data, as well as outline your rights with respect to your Personal Data.

This Notice is an appendix to the Privacy Statement and is an integral part thereof, to be read and interpreted consistently with other policies, notices, contracts, agreements, terms, conditions, or documents established between you and EY.

This Notice applies to all activities of Personal Data processing by EY in its capacity as a Personal Data Controller cum Processor, Personal Data Controller, or Personal Data Processor. In the process of handling your Personal Data, we will implement and comply with this Notice and applicable legal regulations.

1. Personal Data that EY collects from You

1.1. EY collects, uses, or processes various types of your Personal Data, depending on the circumstances, your role, and legal regulations, which may include:

1.1.1. Basic Personal Data:

Surname, middle name, given name, and other names (if any);
Date, month, and year of birth; date, month, and year of death or missing status;
Gender;
Place of birth, place of birth registration, permanent residence, temporary residence, current residence, hometown, contact address;
Nationality;
Individual’s images; information obtained from security systems, including recordings of the Data Subject’s images on cameras or surveillance systems at EY office locations;
Phone number, identity card number, personal identification number, citizen identification number, passport number, driver’s license number, vehicle license plate number, personal tax code, social insurance number, health insurance card number;
Occupation, place of work;
Marital status;
Information about family relationships (parents, children);
Information about an individual’s digital accounts; personal data reflecting activities or activity history in cyberspace;
Other information associated with a specific individual or that helps identify a specific individual, not falling within the scope of Sensitive Personal Data as stipulated in Section 1.1.2 below.

1.1.2. Sensitive Personal Data:

Political views, religious beliefs;
Health status and private life recorded in medical records, excluding blood type information;
Information related to racial or ethnic origins;
Information about inherited or acquired genetic characteristics of an individual;
Information about an individual’s physical attributes or unique biological characteristics;
Information about an individual’s sexual life or sexual orientation;
Data on crimes or criminal activities collected and stored by law enforcement agencies;
Information about your bank accounts and payment details;
Data about an individual’s location determined through location services;
Other personal data classified as specific by law and requiring necessary security measures.

1.2. Your Personal Data will be collected and processed by EY at the start and throughout the duration of your relationship with the company, within the scope and for the Processing Purposes listed in Section 2.2 of this Notice. In cases where EY independently determines the purpose and means of processing Personal Data, EY will act as the Personal Data Controller cum Processor or Personal Data Controller. In other cases, EY will process data on behalf of the Personal Data Controller under a contract or agreement with that party, and EY will act as the Personal Data Processor.

1.3. EY may also process Personal Data of other individuals provided by the Data Subject groups listed in Section 1.1 (e.g., information about family members, relatives, contacts, dependents, emergency contacts, etc.) to carry out transactions by EY with the Data Subject as required by applicable laws and regulations, professional obligations, policies, and obligations. In such cases, you – the party providing the Personal Data of others to EY – understand that you are acting as the Personal Data Controller. You are responsible for ensuring that the individual has been fully informed about the relevant Processing Purposes and that their Consent has been obtained before providing their information to EY. Additionally, depending on the specific circumstances and requirements, EY may act as the Personal Data Controller and Processor or Personal Data Processor.

2. Purpose to which EY Processes Your Personal Data

2.1. EY processes your Personal Data for the Processing Purposes specified in Section 2.2. The collection of this Personal Data by EY is typically mandatory, and if not provided, EY may not be able to fulfill its legal obligations to you or comply with legal requirements. EY will inform you of this prior to collection, as well as the consequences of not providing such Personal Data.

2.2. As a Personal Data Controller and Processor or Personal Data Controller, EY uses your Personal Data for necessary and reasonable purposes to fulfill EY’s rights and obligations toward you and in accordance with legal regulations, including but not limited to the following purposes (“Processing Purposes”):

Personal data that we collect about you when you visit our site falls into several categories.

Information that you provide voluntarily

We collect personal data that you provide voluntarily through our site, for example, when completing online forms to contact us, subscribing to a newsletter, using one of our online benchmark tools, subscribing to receive marketing communications from us, participating in surveys or registering for events that we are organizing. The information we collect about you include the following:

Name
Job title, job level or job function, role
Education
Company or organization
Company data
Contact information, including primary email, email address and telephone numbers
Demographic information, such as industry, country, postcode, preferences and interests
Other information relevant to client surveys or similar research
Information relating to events captured through event-related forms, such as dietary restrictions, hotel and flight information, registration/participation status, media interview attendance, previous event experience and gender 
Information pertinent to fulfilling our services to you
Any other personal data that you voluntarily choose to provide to us

We do not intentionally collect sensitive category data, unless you provide us with such data. While there may be free text boxes on the site where you are able to enter any information, we do not intend to process sensitive information. You are not required to provide, and should not disclose, sensitive personal information in the free text boxes. If you choose to provide any sensitive personal information in this manner, you acknowledge you consent to the collection and processing of this sensitive information.

If you register on our site, your personal data will be stored in our CRM system. Data of registrants is deleted after an individual has not actively engaged with EY for 18 months, or sooner if required by law.

If you have opted out of receiving EY publications, your basic contact details will remain on our opt-out list.

Information that we collect automatically

When you visit our site, we collect certain personal data automatically from your device. Specifically, the data we collect automatically include information, such as your IP address, pixel ID, device type, unique device identification number, browser type, operating system, broad geographic location (e.g., country or city-level location) and other technical information. We also collect information about how your device has interacted with our site, including the pages accessed, current URL, time you visited the site and links clicked. Collecting this information enables us to better understand the visitors who come to our site, where they come from and what content on our site is of interest to them.

We use this information for our internal analytics purposes, and to improve the quality and relevance of our site to our visitors. Information will be collected using cookies and similar tracking technology, as explained further in the EY Cookie Policy. Note that if the Do Not Track setting or Global Privacy Control signal in your browser is enabled, Marketing/Targeting cookies will be disabled by default.

Our site uses Adobe Analytics (“Adobe”) in order to provide reporting, visualisations and analysis of data. Adobe processes the following types of personal data: your IP address (to populate geosegmentation reports and to identify internal EY and external users accessing our site) and user IDs, email addresses, names and passwords to the extent provided directly by visitors of the site. Your personal data will be processed by Adobe for the following purposes: (i) to capture web metrics about the journey of users within our site (e.g. pages viewed and links clicked); (ii) to analyze and understand overall site traffic information; (iii) to allow us to make informed decisions about our site; and (iv) to authenticate users and permit them to access our site. EY Global Services Limited is the data controller for the purposes of this processing and licenses Adobe from Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Saggart, Dublin 24, Ireland, who hosts it in London, United Kingdom. Click here to learn more about Adobe’s privacy practices and to make choices regarding Adobe’s tracking activities.

Our site also uses various social media plugins.

Purposes for which we process your personal data as a visitor to our site are:

To administer and manage our site, including to confirm and authenticate your identity, and prevent unauthorized access to restricted areas of our site
To personalize and enrich your browsing experience by displaying content (including targeted advertising) that is more likely to be relevant and of interest to you
To analyze the data of visitors to our site and site traffic information
To capture webmetrics about the journey of users within our site
To determine the company, organization, institution or agency that you work for or with which you are otherwise associated
To develop our business and services
To provide you with marketing communications, EY Thought Leadership materials and online benchmarking tools
To conduct benchmarking and data analysis (for example, regarding usage of our site and demographic analyses of visitors of our site)
To understand how visitors use the features and functions of our site
To monitor and enforce compliance with applicable terms of use
To conduct quality and risk management reviews
To enable the better management of EY events, including World Entrepreneur of the Year
To enable teams managing events to coordinate their email campaigns and event notifications more effectively
To allow for event and webinar sign-up
To allow for content download and lead capturing
To allow services and information to be delivered effectively to you
Any other purpose for which you provided information to EY

Purposes for processing personal data of visitors of our site are:

For the effective delivery of information and services to you, and the effective and lawful operation of our businesses
For developing and improving our site, and your user experience
EY accepts nominations for the EY Entrepreneur Of The Year™ program via our site. Personal data, including financial data, is required of the nominee and he or she must sign the nomination form. Nomination forms are provided to the program sponsors, and independent national and regional panels of judges in order to select award recipients.

The EY Entrepreneur Of The Year™ global system contains a separate privacy notice. We encourage individuals participating in our Entrepreneur Of The Year™ program to refer to the privacy notice available on that system.
When you engage us to provide you with professional services, we collect and use personal data when we have a valid business reason to do so in connection with those services. For an overview of our services, click here .
In the context of providing professional services to clients, EY also processes personal data of individuals who are not directly our clients (for example, employees, customers or suppliers of our clients). See the section “Individuals whose personal data we obtain in connection with providing services to our clients” for additional information.
The majority of the personal data we collect and use to provide our services is supplied voluntarily by (or collected by us from third-party sources at the request of) our clients. Because of this, if you are a client of EY, then it will generally be obvious to you what personal data we collect and use. This information can include:

Basic information, such as your name, the company you work for, your position and your relationship to a person
Contact information, such as your postal address, email address and telephone numbers
Financial information, such as payment-related information
Any other personal data relating to you or other third parties which you provide to us for the purpose of receiving our services

We use this information:

To provide services to you
To administer our relationship and maintain contractual relations
For accounting and tax purposes 
For marketing and business development
To comply with our legal and regulatory obligations
To establish, exercise or defend legal rights
For historical and statistical purposes

Given the diversity of the services we provide, we process many categories of personal data. Please see below (non-exhaustive) examples of personal data categories for our four main service lines:
In providing assurance services, EY will process information that contains personal data, such as payroll files, board records and other documents attributable to the audit client's and any group companies' activities. Examples of categories of personal data that are processed are:

Contact details, such as name, address, telephone numbers and email address
Details of employment, such as employment number, employment department, role and employment time
Health and absence data, e.g., medical certificate and information on sick leave, leave of absence or parental leave
Trade union membership
Personal identity number
Information on financial conditions, such as bank account information, salary details and other benefits, insurance data and the license plate number of a company car
Information on insurances and occupational pensions
Or
Other categories of personal data needed for conducting the audit in accordance with good auditor’s and auditing standards

Examples of personal data categories processed by EY tax client engagement teams are:

Personal details for the individual client and their family members, including names, addresses and demographic, contact information, dates of birth, and tax identifiers, including social security numbers and email addresses

Personal details for the individual client’s delegates, including names, contact information and email addresses

Tax return files: liability, dates produced and sent, and comments on tax returns

Tax equalization data: liability, dates produced, settlement amounts and taxes paid

Organizers used for collecting the individual taxpayer’s (and if required, their family members’) country-specific personal income tax information, education, employment, medical, legal history and other data that is required in rendering services

Workpapers used to edit client information received from organizers or other means; compensation data from employers; sourcing of income based on assignment and travel calendar data 

Current, past or future travel information for the individual, including locations visited and workday activities that occurred in each location 

Documents, such as tax returns, assignment letters, immigration documents, audit requests from taxing authorities, and official and personal documents (birth certificates, marriage licenses, education documentations and degrees, and passport copies)

Financial reporting oversight role (FROR) questionnaires, indicating employment status, employer and job description

Company-specific information: corporate client personnel contacts and division names

Assignments data: details regarding current working and living arrangements, including country and city of assignment, employer division funding salary and assignment costs

Immigration data: work permit questionnaires, status of work permit, copy of application form, copy of work permit, copy of visa, copy of passport and other immigration documents

In providing advisory services, EY processes a wide variety of information, including potentially all types of personal data. The scope depends on the service and the sector in which the EY member firm’s client is active. For example, providing cybersecurity services for a bank involves the processing of different types of personal data than helping a client in the pharmaceutical sector build a better way of tracking health outcome data.

Examples of personal data categories received or processed by Advisory client engagement teams are:

Contact details, such as name, address, telephone numbers and email address
HR and supplier records of clients, which include personal details of employees or suppliers of the client, such as name, contact details, date of birth, race, government identification numbers, employment contracts and service contracts
Financial data, such as wage and salary information, pension and retirement benefits information, and bank account numbers
Health information about individuals receiving specific drugs or treatments
Personal data of employees potentially impacted by supply chain changes or outsourcing
Customer data, including race or gender during a customer experience engagement

Strategy and Transactions

Several personal data categories are processed by EY Strategy and Transactions client engagement teams. These include information about buyers and actual or potential targets, which mainly constitute personal details of directors and key personnel, such as:

Payroll details
Employment contracts
Pension and retirement benefits information
Entries in accident books
Insurance claims
Customer lists
Consumer contracts
Company registers
In addition, we also process identification and background information as part of our client acceptance, finance, administration and marketing processes, including audit independence, anti-money laundering, conflicts, reputational and financial checks, and to fulfill any other legal or regulatory requirements to which we are subject.

The checks could include the following:

Identity verification: proof of name and address
Ultimate beneficial ownership of corporate and other legal entities
Conflicts checks: to avoid a conflict of interest with any other client
Anti-money laundering, proceeds of crime and terrorist financing checks
Politically exposed persons (PEP) checks: those with prominent roles in government, judiciary, courts, central banks, embassies, armed forces and state-owned enterprises, including their family members and close associates
Adverse media checks
Government sanctions list checks
Independence checks

These checks are made for legal, regulatory or business reasons and need to be repeated during the course of our engagement. As part of these checks, we are required to process sensitive personal data (for example, to verify if you are a politically exposed person or to collect information about criminal convictions where this is required for anti-money laundering laws). It is important you provide us with all necessary information and documents as this affects our ability to provide services to you.

Purposes for processing personal data of our clients are:

Performance of a contract

Compliance with a legal or regulatory obligation
To provide you with seamless, consistent, high-quality services and securing prompt payment of any fees, costs and debts in respect of our services
To understand any conflict of interest or challenge with regard to independence legislation

To safeguard EY against inadvertently dealing with the proceeds of criminal activities or assisting in any other unlawful or fraudulent activities (for example, terrorism)
As part of the professional services EY provides to clients, EY processes personal data of individuals with whom we do not have a direct (contractual or other) relationship. For example, if we perform a statutory audit, our engagement team will be required to audit our client’s books, which could include payroll data for employees of the client, supplier data, financial administration, data regarding claimants and legal proceedings. To take another example: if we undertake a due diligence review of an acquisition of a target on behalf of a client, EY obtains personal data concerning the target’s employees, management and customers.

We seek confirmation from our clients that they have the authority to provide personal data to us in connection with the performance of the services and that any personal data they provide to us has been processed in accordance with applicable law.

Given the diversity of services we provide, we process many categories of personal data such as:

Personal details (such as name, age, data of birth, gender, marital status and country)
Contact details (such as phone numbers, email address and postal address)
Financial details (such as salary, payroll, income, investments, benefits and tax status)
Employment details (such as role, rank, experience, performance data and employment numbers)

For certain services, we also process sensitive personal data. For example, in certain countries performing tax return services involves the processing of details of payments made by our client, his or her spouse and dependents with respect to a trade union membership, to a political party, for medical treatments or to a religious charity. Such data is collected intentionally and will be used only where necessary in connection with the provision of the service for which the data was collected, such as determining the correct taxation of our client’s income and for claiming the correct tax deduction with respect to such payments.

Purpose for processing personal data of individuals whose personal data we obtain in connection with providing services to our clients are:

Compliance with a legal or regulatory obligation
To make sure our clients are provided with seamless, consistent and high-quality services worldwide
Once a company undergoes an insolvency, one or more EY insolvency practitioners (i.e., administrators and liquidators) could be appointed to manage the company’s affairs, business and property. Similarly, when a debtor is subject to insolvency or a restructuring regime, one or more EY insolvency practitioners could be appointed to manage the debtor’s affairs, business and property.

In this section:

Office holder refers to the EY insolvency practitioners.
Company refers to the insolvent entity for which the office holders have been appointed.
Debtor refers to the individual who is subject to an insolvency or restructuring regime.
“You” refers to the data subjects concerned by the insolvency procedure of the company or debtor.

In providing insolvency services, EY processes your personal data for the legitimate interests of assisting the office holders in the performance of their legal and regulatory obligations with regard to the insolvency procedures. For clarity purposes, the company or debtor remains data controller of your personal data processed for purposes that are not related to the legal and regulatory obligations of the office holders.

Most of the personal data we process is obtained from you directly, but we also indirectly obtain personal data about you.

The office holders and EY process your personal data for the following (non- exhaustive) purposes:

Communicating with the company or debtor’s creditors and individual creditors: specific information essential in order to carry out statutory duties (this information is to be used to assess, for example, an entitlement to any dividend should one be payable)
Provision of references or reports to government departments, regulatory authorities and appropriate bodies in connection with the holding of public office or responding to requests
Provision of statutory returns
Case administration purposes, including the realization of assets, agreement of claims and payment of distributions
Processing for personal purposes of employees in accordance with the law and the company’s own policies
Administration of payroll, raising invoices, credit control and other data relating to the company’s finances
The reasonable and lawful provision of information to interested parties
The prevention and detection of crime or fraud
Establishing, exercising or defending legal rights, taking legal advice, taking or defending legal proceedings
Complying with legal obligations to which the company or debtor is subject
Quality and risk management purposes

The types of personal data processed for the above purposes include (but are not limited to) name, address, identifying information, payroll information, as well as any information with your dealings with the company or debtor that are necessary for the performance of the office holders’ statutory obligations during the insolvency procedure.

You have certain rights in relation to your personal data. If you have a query or wish to exercise your rights, please make a written request to the party responsible for your personal data (the company, debtor or the office holder) using the contact details provided in communications about the insolvency.
We process personal data about contacts (former, existing and potential clients and individuals employed by, or associated with, such clients and other business contacts, such as alumni, consultants, regulators and journalists) in our CRM systems. These CRM systems support the marketing operations of EY. Contacts in our CRM systems will be sent EY Thought Leadership materials, newsletters, marketing materials, learning opportunities, surveys and invitations to events.

In our CRM systems, we process the following categories of personal data:

Name, job title, address, email address, phone and fax numbers
Name of employer or organization the individual is associated with
Marketing and user preferences including whether the individual has opted in to marketing communications
Invitation responses, reading activity and event attendance confirmations via the use of cookies and similar technologies to tailor our communications

We do not intentionally collect sensitive category data, unless you provide us with such data (for example, special dietary requirements which reveal your religious affiliation or any food allergies), if you attend one of our events.

Data of business contacts in our marketing databases who have not been actively engaged with EY will be periodically deleted in accordance with applicable regulatory requirements. If you have opted out of receiving future EY publications, your basic contact details may remain on our opt-out list.

Purposes for processing personal data of business contacts are:

To manage the relationship with our business contacts and providing information about EY, our services and events we organize
We process personal data about participants in EY meetings, conferences, events and learning sessions (events). We use various applications to manage event registration processes, which applications will contain their own privacy notices explaining why and how personal data is collected and processed by these applications. We encourage participants to refer to the privacy notices available on those applications.

As part of our event management processes, we process the following personal data (but only to the extent required for a specific event):

Name, age or date of birth
Client personnel information (home, office and business information)
Credit or debit card number
Customer information (home, office and business information)
Email address
Gender
Home or other physical address
Names of employers (EY or company)
Occupation (job title)
Passport number
Personal web URL (if you have a personal website that you would like to share)
Telephone or fax numbers
Event-related data such as: Dietary restrictions or special requirements, registration status, participant status/type, media interview attendance, previous event experience, arrival time/departure time, hotel check-in/check-out time, flight information (airline, arrival and departure dates)

We do not intentionally collect sensitive category data, unless you provide us with such data (for example, special dietary requirements which reveal your religious affiliation or any food allergies or other data relating to your health necessary to provide support to participants, if needed, for example, if a wheelchair will be required).

Attendees of EY events hosted at external venues are required to bring a photo ID for identification purposes to safeguard our people, assets and information, and to prevent unauthorized people gaining access to off-site EY events.

EY is allowed to take photographs and make audio or video recordings in public areas of the EY events. We use such media in our marketing materials. Images and voices of attendees will be recorded. Recordings will be edited, copied, exhibited, published or distributed.

Purposes for processing personal data of participants are:

To organize events and managing the registration process for such events.
To protect our people, assets and information, and to prevent unauthorized people gaining access to off-site EY events.
To provide information about EY, our services and events we organize.
We process personal data of participants of our conference call and collaboration platforms (e.g. Microsoft Teams) used for EY virtual business meetings as part of the provision of our services, or to administer and maintain our relationship with you (EY Virtual Meetings).

The personal data we collect and process for EY Virtual Meetings can include:

Basic information, such as your name, the company you work for, your role/position, your relationship to a person and your profile picture used during a meeting
Contact information, such as your postal address, email address and telephone numbers
Device data (e.g. device identifier, IP address, logs)
Information shared by you during the virtual meetings (e.g. shared via chat or screen-share)
If enabled, personal data in meeting recordings and/or meeting transcripts.

Call Recording & Transcriptions:

Depending on the background and purpose of the EY Virtual Meetings and to the extent permitted in the respective jurisdictions of the attendees we may, subject to your permission, record and/or transcribe (including temporary transcriptions) the content of the meeting (e.g. video and/or audio) in order to document it or to enable the use of AI powered virtual assistants (e.g. Microsoft Copilot) to provide valuable insights about it (e.g. generating meeting notes, tasks or summaries).

We will always inform you about the intention to record and/or transcribe the meeting and give you the opportunity to not participate in the meeting prior to enabling these features.

Purposes for processing personal data of participants are:

For conducting and facilitating EY Virtual Meetings to provide our services to clients and to maintain our business relationship with you;
To enhance EY Virtual Meeting experiences such as improving meeting efficiency, and enhancing communication among participants; and
For meeting recordings and/or transcriptions only: To the extent applicable under your local jurisdiction, your explicit consent.

We will only retain personal data collected through EY Virtual Meetings including recordings and transcripts as long as is needed for the described business purposes. Note that retention periods vary in different jurisdictions and are set in accordance with local regulatory and professional retention requirements.

If you have additional questions about the processing of your personal data in EY Virtual Meetings, please contact your regular EY contact or the organizer of the meeting.
We provide external users access to various applications managed by us (such as the EY Client Portal and the My EY platform). In instances where such applications process personal data that goes beyond basic contact information used for application authentication purposes, such applications will contain their own privacy notices explaining why and how personal data is collected and processed by those applications. We encourage individuals using our applications to refer to the privacy notices available on those applications.
EY uses various social media platforms, for example, for recruitment or marketing purposes. We use social media to provide you with easy access to relevant information regarding job opportunities at EY and events we organize, and to promote our services and brand.

While EY will be responsible for the content it publishes using social media platforms, EY will not be responsible for managing the social media platforms (such as creating user statistics or placing cookies). When using these social media platforms, you are obliged to adhere to the legal and privacy terms imposed by the social media platform providers. Such providers collect personal data about you, including statistical and analytical data regarding your use of the social media platforms, such as an overview of pages you have accessed, “likes,” recent visits, posts you publish or find interesting. If you require access to such data or want to invoke one of your other rights (such as the right to object to the processing of your data), you should contact the social media platform provider. Some social media providers provide EY with aggregate data relevant for our pages, such as the amount of “likes” triggered by our content or the amount of posts, visitors to our sites, photos that are downloaded or links that are clicked.

On our site, we implement so-called social media plugins. When you visit a page that displays one or more of such buttons, your browser will establish a direct connection to the relevant social network server and load the button from there. At the same time, the social media provider will know that the respective page on our site has been visited. We have no influence on the data that the social media providers collect on the basis of the buttons. If you wish to prevent this, please log out of your social media accounts before visiting our website. Social media providers set cookies as well, unless you have disabled the acceptance and storage of cookies in your browser settings.

Facebook plugins

Our site includes plugins for the social network, Facebook. The Facebook plugins can be recognized by the Facebook logo or by the like button on our sites. For an overview of Facebook plugins, click here.

When you visit our site, a direct connection between your browser and the Facebook server is established via the plugin. This enables Facebook to receive information that you have visited our site from your IP address. If you click on the Facebook “like button” while you are logged into your Facebook account, you can link the content of our site to your Facebook profile. This allows Facebook to associate visits to our site with your user account. If you are not yet logged into your Facebook account, clicking a Facebook button will show you the Facebook login page for you to enter your login credentials. Please note that we have no knowledge of the content of the data transmitted to Facebook or of how Facebook uses these data. For more information, please see Facebook’s privacy policy.

Twitter plugin

Functions of the Twitter service have been integrated into our site. When you use Twitter and the “retweet” function, the websites you visit are connected to your Twitter account and made known to other users. If you are not yet logged into your Twitter account, clicking a Twitter button will show you the Twitter login page for you to enter your login credentials. In doing so, data will also be transferred to Twitter. We would like to point out that we have no knowledge of the content of the data transmitted or how it will be used by Twitter. For more information, see Twitter’s privacy policy.

Instagram plugin

Our site contains functions of the Instagram service.

If you are logged into your Instagram account, you can click the Instagram button to link the content of our pages with your Instagram profile. This means that Instagram can associate visits to our pages with your user account. If you are not yet logged into your Instagram account, clicking an Instagram button will show you the Instagram login page for you to enter your login credentials. We expressly point out that we receive no information on the content of the transmitted data or its use by Instagram.

For more information, see Instagram’s privacy policy.

YouTube plugins

Our site uses plugins from YouTube, which is operated by Google.

If you visit one of our pages featuring a YouTube plugin, it is a connection to the YouTube servers. Here, the YouTube server is informed about which pages you have visited.

If you’re logged in to your YouTube account, YouTube allows you to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account. If you are not yet logged in, clicking a YouTube button will show you the YouTube login page for you to enter your login credentials.

For more information, see Google’s privacy policy.

LinkedIn Lead Gen Forms

EY uses LinkedIn Lead Gen Forms for EY sponsored content, and sponsored LinkedIn InMails for recruitment and marketing campaigns. Once LinkedIn members click on EY advertisement, they will see a form that is pre-filled with information from their LinkedIn profile, such as their name, contact information, company name, seniority, job title and location. As soon as a LinkedIn member submits a lead form, they will be connected to EY.

Please click here for LinkedIn’s privacy policy.

Google Maps

Our site uses the Google Maps map service via an application programming interface (API).

To use Google Maps, it is necessary to save your IP address. This information is generally translated to a Google server in the United States and stored there. We have no influence on this data transfer.

For more information, see Google’s privacy policy.

Purposes for processing personal data of visitors to our social media pages, and the use of social media plugins and tools are:

To promote EY services and brand
To attract, identify and source talent
To improve your website experience and to optimize our services
EY uses a variety of tools to maintain the security of our IT infrastructure, including our email facilities. Examples of such tools are:

Systems that scan incoming emails to EY recipients for suspicious attachments and URLs, in order to prevent malware attacks
Tools that provide end-point threat detection to detect malicious attacks
Tools that block certain content or websites

If you correspond via email with an EY recipient, your emails will be scanned by the tools EY operates to maintain the security of its IT infrastructure, which could result in content being read by authorized EY persons other than the intended recipient.

Purposes for processing personal data of individuals who correspond with EY via email:

To protect our IT infrastructure against unauthorized access or data leakage
To analyze email traffic
EY’s phone service is hosted internally at EY. When you call EY personnel, only your phone number will be stored on EY servers and will be delivered to the recipient of your call on their handset and via an email. No other personally identifiable information is collected but technical logs and reports may be stored for trouble shooting purposes.

EY’s voicemail service is provided by Microsoft. When you call EY personnel and leave a voicemail, this voicemail and any personal data contained within it will be stored on global Microsoft Azure servers and will be delivered to the recipient of your call as an MP3 voice clip in an email. Microsoft will not keep call logs in relation to your calls to EY personnel.

Purpose for processing personal data of individuals who correspond with EY via phone and voicemail services:

To maintain communication networks
We collect information from and about candidates in connection with available employment opportunities at EY. The information that we collect, the manner in which it is used, and the timing in which it is gathered varies depending on the country in which you apply. As general matter, the data we collect regarding our job applicants includes resumes or CVs, identification documents, academic records, work history, employment information and references.

We use your personal data to match your skills, experience and education with specific roles offered by EY. This information is passed to the relevant hiring managers and persons involved in the recruitment process to decide whether to invite you for an interview. EY will collect further information if you are invited to the interview (or equivalent) stage and onward. Such information includes interview notes, assessment results, feedback and offer details, and information about other individuals, as the case may be, for purposes of complying with the applicable laws and regulations, professional obligations, policies, and obligations of EY with any third party.

In connection with our recruitment activities including applications and onboarding, we also collect sensitive personal data from candidates where we have an employment law obligation to do so. This information is relevant to their future working environment at EY or the future provision of employment benefits, or with the individual's explicit consent, where collecting such information is permitted by law. For example, where allowed under applicable law, we will collect information about an individual’s disabilities in order to analyze the diversity of our workforce. Once onboarded, an individual’s provision of information regarding disabilities will also be used to provide a suitable working environment. We will also need to conduct criminal background checks for certain candidates to assess their eligibility to work at EY or for EY clients. In certain countries, we will also ask candidates to provide diversity information about their race and ethnicity, and sexual orientation for diversity monitoring purposes, although the provision of this information will be entirely voluntary. However, where a candidate does not voluntarily provide such information, we could be required by law to make our own assessment of such criteria.

Our recruitment tools and websites contain their own privacy notices explaining why and how personal data is collected and processed by those applications. We encourage individuals using our recruitment tools and websites to refer to the privacy notices available on those tools and websites.

Depending on the country in which you apply, EY collects personal data about candidates (“you”) from the following sources:

Directly from you – for example, information that you have provided when applying for a position directly through the EY careers website (for additional information about the processing of your personal data via our global recruitment management system, please read the data privacy statement available in this system)
From recruitment agencies – for example, when a recruitment agency with your details contacts us to suggest you as a potential candidate;
Through publicly available sources online – for example, where you have a professional profile posted online (e.g., on your current employer's website or on a professional networking site, such as LinkedIn)
By reference – for example, through a reference from a former employee or employer, or from a referee you have identified
Results of background screening checks

Purposes for processing personal data of our job applicants are:

To attract, identify and source talent
To process and manage applications for roles at EY, including the screening and selecting of candidates
To hire and onboard candidates by making an offer to successful candidates, and carrying out pre-employment screening checks
To manage our career websites (including conducting statistical analyses)
Compliance with a legal or regulatory obligation (when carrying out background checks to warrant a candidate is eligible to work).
EY hopes to maintain a lifelong, mutually beneficial relationship with EY alumni (former member firm partners, employees and contractors). If we invite you to our alumni community, your name, contact details, role, last EY office, rank, service line and country will be used to create a record for you in one of our alumni databases, unless you have indicated that you are not interested in participating in the EY alumni program. You have the opportunity to create a more detailed profile and to decide how much additional information you wish to share with EY and the wider alumni community.

Our alumni databases contain their own privacy notices explaining why and how personal data is collected and processed by those applications. We encourage individuals using our alumni databases to refer to the privacy notices available on those applications.

Purposes for processing personal data of our alumni are:

For maintaining a strong relationship with our alumni, sending publications about EY and our services, inviting alumni to events, and helping alumni keeping in touch with other alumni
We process personal data about our suppliers (including subcontractors, and individuals associated with our suppliers and contractors) in order to manage our relationship and contract, and to receive services from our suppliers.

The personal data we process is generally limited to contact information (name, name of employer, phone, email and other contact details) and financial information (payment-related information).

In addition, we also use data about our suppliers to check whether we have a conflict of interest or audit independence restriction to appointing a supplier. Before we take on a new supplier, we also carry out audit independence and other background checks required by law or regulation, for example, adverse media, bribery and corruption, and other financial crime checks.

Purposes processing personal data of our suppliers are:

Performance of a contract
Compliance with a legal or regulatory obligation
To manage payments, fees and charges, and to collect and recover money owed to EY
To understand any conflict of interest or challenge with regard to independence legislation
To safeguard against EY inadvertently dealing with the proceeds of criminal activities or assist in any other unlawful or fraudulent activities (for example, terrorism).
EY/Ethics (https://secure.ethicspoint.com/domain/media/en/gui/6483/index.html) provides EY people, clients and others outside of EY with a means to confidentially, and either anonymously or on a disclosed basis, report an activity that involves unethical or illegal behavior that is in violation of professional standards or otherwise inconsistent with our EY Global Code of Conduct. Reports can be made either online or via a telephone hotline.

EY/Ethics contains its own privacy notice and consent form which describes the practices EY follows in relation to EY/Ethics. We encourage individuals using EY/Ethics to refer to this EY/Ethics notice and consent form.
When you visit an EY office, we process your personal data in order to provide you with certain facilities (such as access to our buildings and conference rooms or Wi-Fi), to control access to our buildings, and to protect our offices, personnel, goods and confidential information (for example, by using CCTV).

The personal data we collect is generally limited to your name, contact information, location, and the time you enter and leave our office.

Visitor records and access badges
We require visitors to our offices to sign in at reception and we keep that record of visitors for a short period of time. Visitors to our offices are provided with a temporary access badge to access our offices. Our visitor records will be used to verify that access badges are returned, to look into a security incident and for emergency purposes (for example, if an office needs to be evacuated).

Wi-Fi
We monitor and log traffic on our Wi-Fi networks. This allows us to see limited information about a user’s network behavior, but will also include being able to see at least the source and destination addresses the user is connecting from and to.

CCTV
EY uses CCTV monitoring where permitted by law. CCTV images are securely stored and only accessible on a need-to-know basis (for example, to look into an incident). We are allowed to disclose CCTV images to law enforcement bodies. We will also share CCTV images with our insurers for purposes of processing an insurance claim as a result of an incident. CCTV recordings are typically deleted or automatically overwritten after a short period of time unless an issue is identified that requires further investigation.

Purposes for processing personal data of visitors to EY offices are:

To protect our offices, personnel, goods and confidential information
To prevent and detect crime, and establish, exercise and defend legal claims

3. How EY Shares or Discloses Your Personal Data

EY member firms operate in more than 150 countries across the globe. Certain aspects of the EY infrastructure are centralized, including information technology services provided to member firms. In addition, where engagements with EY clients span more than one jurisdiction, certain information will need to be accessed by all those within the EY organization who are working on the matter. Therefore, your personal data will be transferred to and stored outside the country in which you are located. This includes countries outside the European Economic Area (EEA) and countries with laws that have not necessarily been determined to provide an adequate level of protection for the processing of personal data under the laws of the EU or other jurisdictions.

We take appropriate security and legal precautions to safeguard the safety and integrity of personal data that is transferred within the EY organization. EY has implemented binding corporate rules (BCRs) that allow for global transfers within the EY organization of personal data originating in the EEA in accordance with applicable European privacy laws. The BCRs require all EY entities worldwide to use the same standards of protection for personal data. You can access our BCRs here.

Your personal data will also be processed by EY support providers that support our internal ancillary processes. For more information, click the section “Support providers”.

4. Support Providers

4.1. We transfer or disclose the personal data we collect to external support providers (and their subsidiaries and affiliates) who are engaged by us to support our internal ancillary processes. For example, we engage support providers to provide (a) general office support including printing, document production and management, archiving, and translation services; (b) accounting, finance and billing support; (c) IT functions including system management and security, data storage, analytics, business applications, voicemail and replication of systems for business continuity/disaster recovery purposes; and (d) conflict checking, risk management and quality reviews.

4.2. It is our policy to only use third-party support providers that are bound to maintain appropriate levels of data protection, security and confidentiality, and that comply with any applicable legal requirements for transferring personal data outside the jurisdiction in which it was originally collected. For data collected in the EEA or which relates to data subjects in the EEA, EY requires an appropriate transfer mechanism as necessary to comply with applicable law.

5. Other disclosures

5.1. EY discloses your personal data:

Where this is appropriate for the purposes described in the section “Purposes for which we process personal data,” including within the EY organization itself;
If required, by applicable law;
In connection with a reorganization or combination of our organization with another organization;
If we believe that such disclosure is appropriate to enforce or apply terms of engagement, and other agreements or otherwise protect and defend EY rights, property or safety;
In order to comply with a judicial proceeding, court order or other legal obligation, or a regulatory or government inquiry; or
With your consent.

5.2. We would like to draw particular attention to the fact that in certain jurisdictions, EY has a legal obligation to report suspicious transactions and other activity to relevant regulatory authorities under anti-money laundering, terrorist financing, insider dealing or related legislation. EY also reports suspected criminal activity to the police and other law enforcement bodies. We are not always permitted by the law to inform you about this in advance of the disclosure, or at all.

5.3. Third-party recipients of personal data include:

Professional advisors, such as law firms, tax advisors or auditors;
Insurers;
Audit regulators;
Tax and customs, and excise authorities;
Regulatory and other professional bodies;
Stock exchange and listing authorities;
Public registries of company directors and shareholdings;
Providers of identity verification services;
Credit reference agencies;
The courts, police and law enforcement agencies;
Government departments and agencies;
Service providers;
Support providers.

6. How EY Protects Your Personal Data

6.1. EY maintains appropriate administrative, technical, and organizational measures designed to protect the confidentiality and integrity of your Personal Data and to safeguard it against destruction, loss, alteration, unauthorized disclosure or access, misuse, or any other form of unlawful processing of the Personal Data held by EY.

6.2. EY trains its employees on personal data protection policies and procedures and permits authorized employees to access Personal Data as necessary for their roles.

7. Cross-Border Transfer of Your Personal Data

7.1. During the processing of Personal Data, EY may transfer or grant access to your Personal Data to EY Network Companies, service providers, or other individuals or organizations mentioned in Section 3.1 of this Notice, located in different jurisdictions, in accordance with the Processing Purposes to which you have consented. Additionally, equipment and systems located outside the territory of Vietnam may be used to process Personal Data on our behalf. Such cases may be considered as cross-border transfers of your Personal Data, and in such instances, we will comply with the provisions outlined in Section 7 of this Notice.

7.2. In relation to the cross-border transfer of Personal data between member firms within the EY organization, such transfer shall comply with the the BCRs as mentioned under Section 3 of this Statement.

7.3. For the cross-border transfer of Personal Data to organizations or individuals not mentioned in Section 7.2 above, EY will make efforts to implement appropriate measures to ensure the protection of your Personal Data. These measures include entering into agreements and commitments regarding data confidentiality between EY and the Personal Data Processor, selecting partners as Personal Data Processors with clear responsibilities, and engaging only with partners who have appropriate safeguards in place and comply with applicable legal regulations.

8. How long EY Processes and Retains Your Personal Data

8.1. Our policy is to retain personal data only for as long as it is needed for the purposes described in the section “Purpose to which EY Processes Your Personal Data”.

8.2. Subject to the specific Processing activity, your Personal Data may be Processed by EY following the provision, collection and ends upon completion of the Processing in accordance with the Processing Purposes or until the Personal Data has been deleted according to applicable regulations.

8.3. In order to meet our professional and legal requirements, to establish, exercise or defend our legal rights, and for archiving and historical purposes we need to retain information for significant periods of time.

9. Your rights and obligations

9.1. Your rights

9.1.1. You have the following rights with respect to your Personal Data, unless otherwise provided by law:

Right to be informed: You have the right to be informed about the processing of your Personal Data.
Right to consent: You have the right to consent or not consent to the processing of your Personal Data, except in cases where the law permits the processing of Personal Data without your Consent (as listed in Section 5.1 of this Notice).
Right to access: You have the right to access, view, edit, or request corrections to your Personal Data.
Right to withdraw Consent: You have the right to withdraw your Consent.
Right to erasure: You have the right to delete or request the deletion of your Personal Data.
Right to restrict processing: You have the right to request restrictions on the processing of your Personal Data. The restriction on processing your Personal Data will be implemented within 72 hours following a valid request from you for all Personal Data you request to restrict.
Right to data portability: You have the right to request your Personal Data be provided to you.
Right to object to processing: You have the right to object to the processing of your Personal Data to prevent or limit its disclosure or use for advertising or marketing purposes. We will comply with such a request within 72 hours of receiving a valid request from you.
Right to lodge complaints, denunciations, or lawsuits: You have the right to lodge complaints, denunciations, or initiate legal proceedings in accordance with the law.
Right to claim compensation for damages: You have the right to claim compensation for damages in case of violations of regulations on the protection of your Personal Data.
Right to self-protection: You have the right to protect yourself in accordance with the Civil Code, current Vietnamese laws on personal data protection, and other relevant regulations, and to request competent authorities or organizations to implement measures to protect your civil rights.

9.1.2. Exercising any of the above rights, such as withdrawing Consent, requesting deletion, restricting or objecting to the processing of your Personal Data, or exercising other rights, may affect EY’s ability to take necessary actions to achieve the Processing Purposes, enter into contracts with you, or fulfill its obligations to you under any contracts or agreements. We will not be liable to you for any losses arising in connection with your exercise of any of the above rights.

9.1.3. To verify the validity of a Data Subject’s request to exercise their rights, we will conduct a two-factor verification process (including verification of the requester’s identity and authority, as well as verification of the request’s content) in accordance with applicable legal regulations. For clarity, we reserve the right to refuse to comply with requests from Data Subjects in certain cases, including but not limited to the following:

The Data Subject fails to follow the procedures or guidelines provided by us;
The Data Subject does not provide or provides incomplete documents or information to verify their identity;
Where we assess there are indications of fraud or violations regarding the protection of Personal Data; or
The law does not permit the fulfillment of the Data Subject’s request.

9.2. Your obligations

9.2.1. As a Data Subject, you have the following obligations with respect to your Personal Data:

Protect your own Personal Data and request other relevant organizations or individuals to protect your Personal Data. If your Personal Data is disclosed due to your carelessness or any fault on your part, you must accept the risks and potential damages that may arise;
Respect and protect the Personal Data of others;
Provide complete and accurate Personal Data to EY when consenting to the processing of your Personal Data;
Participate in promoting and disseminating skills for protecting Personal Data;
Promptly update EY if there are any changes to the Personal Data you have provided;
Provide legally valid documents when requested by EY to prove that you have obtained the necessary Consent and permissions before providing the Personal Data of other individuals to EY (in cases where you act as the Personal Data Controller);
Comply with legal regulations on the protection of Personal Data and participate in preventing and combating violations of Personal Data protection regulations;
Other obligations as stipulated by law.

10. How We Process Personal Data

10.1. After collecting Personal Data, EY will carry out one or more processing activities as appropriate, such as collecting, recording, analyzing, verifying, storing, modifying, disclosing, combining, accessing, retrieving, withdrawing, encrypting, decrypting, copying, sharing, transmitting, providing, transferring, deleting, destroying Personal Data, or other related actions to achieve the Processing Purposes or to fulfill your requests to exercise your rights (e.g., the right to edit, update, provide, or restrict the processing of Personal Data, etc.) in accordance with applicable legal regulations.

10.2. We may process your Personal Data without your Consent in the following cases. We will notify you of the Personal Data processing activities prior to proceeding, as required by law:

In emergency situations where immediate processing of relevant Personal Data is necessary to protect your life, health, or that of others;
The disclosure of Personal Data as required by law;
The processing of data by competent state authorities in cases of emergencies related to national defense, national security, social order and safety, major disasters, or dangerous epidemics; when there is a threat to security or national defense but not yet to the extent of declaring a state of emergency; or for the prevention and combating of riots, terrorism, crime, and legal violations as stipulated by law;
To fulfill your contractual obligations with relevant agencies, organizations, or individuals as prescribed by law;
To serve the activities of state agencies as stipulated by specialized laws.

11. Consequences, Unwanted Damages, and Complaints

EY is committed to making every effort to ensure that your Personal Data is protected to the fullest extent in accordance with applicable legal regulations, this Notice, or other internal EY policies on Personal Data protection. However, EY cannot completely and absolutely eliminate all risks to Personal Data during processing. The transmission of information over the Internet or EY’s internal information systems carries certain inherent risks arising from force majeure events or cybersecurity incidents, such as unauthorized cyberattacks, cyberterrorism, cyberespionage, which may disrupt data processing or lead to the leakage of Personal Data. In such cases, we will immediately take necessary actions to prevent, mitigate, and minimize any potential unwanted damages to Personal Data, while cooperating with competent authorities to address the violations. You also agree that, to the extent we have applied reasonable measures to prevent these risks, we will not be liable for compensating damages caused by the actions of any third party that adversely affect your Personal Data, provided such actions are not due to EY’s fault.

12. Contact with EY

If you have any questions, requests for assistance, concerns, or complaints related to EY’s processing of your Personal Data, or if you wish to exercise your rights as a Data Subject, please contact us at:

Personal Data Protection Department

Email: eyhcmc@vn.ey.com

13. Effect of This Notice

13.1. This Notice takes effect from July 1, 2023, and may be updated, amended, or supplemented by us from time to time. Any changes will be publicly announced on our website at https://www.ey.com/en_vn and/or communicated to you through appropriate contact channels.

13.2. We may modify, update, or adjust the contents of this Notice at any time as necessary. Any additions or amendments to the Notice will be published on our official website.

13.3. If you have any questions, requests for assistance, concerns, or complaints related to EY’s processing of your Personal Data, or if you wish to exercise your rights as a Data Subject, please contact the person you regularly deal with at EY or our Personal Data Protection Department using the contact details provided in Section 12 of this Notice.

ANNEX 1 - DEFINITIONS AND INTERPRETATIONS

In this Notice, unless otherwise expressly provided, the following terms shall have the meaning as follows:


Personal Data Controller	An organization that determines the purposes and means of processing Personal Data.
Personal Data Controller cum Processor	An organization that simultaneously determines the purposes and means of processing Personal Data and directly processes it
Personal Data Processor	An organization that processes data on behalf of the Personal Data Controller under a contract or agreement with the Personal Data Controller.
EY Network Firms	Any company, partnership, or other entity or organization recognized at any given time as a member of Ernst & Young Global Limited under the regulations of Ernst & Young Global Limited or any of the network of companies including Ernst & Young Global Limited, EYGN Limited, EYGM Limited, EYGS LLP, EYGI B.V., EY Global Finance, Inc., and their member firms. This also includes any company controlled by, under common control with, or controlling such a company, or any company, partnership, or other business entity that is a member or subsidiary of such a company, or directly or indirectly a majority-owned or controlled subsidiary of such a company, as well as any partners, directors, employees, or agents of such companies. For the purposes of this definition, “control” means (a) direct or indirect ownership of capital securities enabling the exercise of at least 50% of voting rights; or (b) direct or indirect ownership of the right to direct or cause the direction of the management and policies of such a company, whether through ownership of securities, by contract, or otherwise.
Data Subject	The individual whose identity is reflected by the Personal Data, as specified in Section 1 of this Notice.
Personal Data	Information in the form of symbols, text, numbers, images, sounds, or similar forms in an electronic environment that is associated with a specific individual or helps identify a specific individual. Personal Data includes Basic Personal Data and Sensitive Personal Data. Information that identifies a specific individual: Information generated from an individal’s activities that, when combined with other stored data or information, can identify a specific individual
Processing Purposes	The purposes for processing Personal Data specifically listed in Section 2 of this Notice
Support Providers	Internal support services used by members of the EY Network, including but not limited to (a) general office support; (b) accounting and financial support; (c) network coordination; (d) information technology functions, including business applications, system and security management, data storage, and recovery; and (f) conflict checks, risk management, and quality assessments.
Consent	The clear, voluntary, and affirmative expression by the Data Subject allowing EY to process their Personal Data. Consent may be provided in writing, by voice, by checking a consent box, via a text message syntax, by selecting technical consent settings, or through another action indicating agreement, in a format that can be printed or reproduced in writing, including electronically or in a verifiable format. EY may obtain the Data Subject’s Consent for processing Personal Data through a consent letter, online methods (e.g., the Data Subject clicking and checking a box to confirm agreement with the selected Processing Purposes and other contents of this Notice), or other methods compliant with legal regulations.
Event	Events organized or co-organized by EY, including but not limited to meetings, events, seminars, symposiums, training sessions, workshops, courses, sports events, entertainment, travel, gatherings, or similar events, whether limited in attendance, fee-based, requiring registration, or held in any format.
Children	Individuals under 16 years of age
Processing	One or more activities affecting Personal Data, such as collecting, recording, analyzing, verifying, storing, modifying, disclosing, combining, accessing, retrieving, withdrawing, encrypting, decrypting, copying, sharing, transmitting, providing, transferring, deleting, destroying Personal Data, or other related actions.
Internal Support Services	Support services used by EY, including but not limited to administrative support, accounting and financial support, network coordination, information technology functions (including business applications, system and security management, data storage and recovery), conflict checks, risk management, quality assessments, and fulfillment of professional obligations.

EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.

Insights

Highlights

Services

Spotlight

Industries

Case studies

Careers

Spotlight

About us

Top news

Notice on Personal Data Protection Policy And Personal Data Processing

Introduction

1. Personal Data that EY collects from You

Insights

Highlights

Services

Spotlight

Industries

Case studies

Careers

Spotlight

About us

Top news

Notice on Personal Data Protection Policy And Personal Data Processing

Introduction

1. Personal Data that EY collects from You

Visitors to ey.com

Entrepreneur of the YearTM

Clients

Individuals whose personal data we obtain in connection with providing services to our clients

Insolvency services

Contacts in our customer relationship management (CRM) systems

Participants of EY meetings, conferences, event and learning sessions

Participants of EY virtual meetings

Individuals who use our applications

Individuals who visit our social media sites, social media plugins and tools

Individuals who correspond with EY via email

Individuals who correspond with EY via voicemail services

Job applicants

Alumni

Suppliers

EY/Ethics

Visitors to EY offices