This Privacy Notice is intended to describe the practices Ernst & Young, LLP (“EY”) follows in relation to the EY financial wellness service website and mobile application (together the “Application”) with respect to the privacy of all individuals whose personal data is processed and stored in the Application. Ernst & Young LLP (“EY”) collects information about you when you use our Application, and when you provide information through any other interactions and communications you have with us (collectively, the “Services”). The Services are provided by EY, and this Privacy Notice (the “Notice”) applies to information collected and used by EY (referred to herein as “we”). By using the Services, you consent to the data practices described in this Notice.
“EY” refers to one or more of the member firms of Ernst & Young Global Limited (“EYG”), each of which is a separate legal entity and can act as a data controller in its own right. The entity that is acting as data controller by providing this Application on which your personal data will be processed and stored is Ernst & Young, LLP.
The personal data you provide in the Application is shared by Ernst & Young, LLP with one or more member firms of EYG (see “Who can access your information” section below).
The Application is hosted on servers located in Virginia, USA, owned by Microsoft.
The Application’s purpose is to provide digital financial planning and education.
Your personal data processed in the Application is used as follows: EY collects and uses your personal information to operate the Application and deliver the services you have requested, to maintain quality of the Services, to provide general statistics regarding use of the Application, to determine what services are the most popular, and to deliver customized content and advertising within the Application to customers whose behavior indicates that they are interested in a particular subject area. EY may also contact you via surveys to conduct research about your opinion of current services or of potential new services that may be offered.
EY relies on your consent to legitimize the processing of your personal data in the Application. Providing your personal data to EY is optional, however, please be aware that if you do not provide us with all requested personal data, we may not be able to provide the EY financial wellness services.
We collect information you provide to us directly, such as when you create or modify your account, utilize the Services, contact customer support, or otherwise communicate with us, as well as information that your sponsoring organization provides to us via a data feed upon your registration for the services. This information may include: name, email address, home/work address, telephone number, gender, annual income, age/date of birth, financial goals, marital status, number of dependents, union membership status, employment status, job function, rank, employer group, benefit eligibility status, salary and rank, work location, and hire date.
We also collect data you provide by uploading relevant documents (e.g., bank statements and tax returns), which may include your and your dependents’ Social Security Numbers and dates of birth, as well as data you authorize EY to pull from your financial institution accounts for the purpose of presenting aggregated financial account data to you, such as financial account balances and partial account numbers.
We also collect information in the following general categories:
Sensitive personal data reveals your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health or data concerning sex life or sexual orientation.
The following sensitive personal data is collected and processed in the Application:
Your personal data is accessed in the Application by EY personnel who have a business purpose for accessing it, such as the EY financial planner assisting you, and EY personnel involved in maintaining the EY financial wellness platform and service. All personnel who have access to the data have agreed to maintain the confidentiality of such information.
Additionally, your sponsoring organization may receive aggregated and de-identified data in order to understand usage and effectiveness of the program within your sponsoring organization.
Finally, several third party service providers may have access to your data:
The access rights detailed above involves transferring personal data in various jurisdictions (including jurisdictions outside the European Union) in which EY operates (EY office locations are listed at www.ey.com/ourlocations). EY will process your personal data in the Application in accordance with applicable law and professional regulations in your jurisdiction. Transfers of personal data within the EY network are governed by EY’s Binding Corporate Rules (www.ey.com/bcr).
EY encourages you to review the privacy statements of sites linked to from the Application (e.g., benefits providers you have access to via your sponsoring organization-provided benefits) so that you can understand how those websites collect, use and share your information; EY is not responsible for the privacy statements or other content of such websites.
Your personal data will be retained in the Application for as long as EY provides services to you. After EY’s services to you have concluded, your data will be retained for 7 years on backup tapes stored on EY’s behalf by Vital Records, Inc., after which the data will be deleted. Your personal data will be retained in compliance with privacy laws and regulations.
EY is committed to making sure your personal data is secure. To prevent unauthorized access or disclosure, EY has technical and organizational measures to safeguard and secure your personal data. All EY personnel and third parties EY engages to process your personal data are obliged to respect your data’s confidentiality.
EY will not transfer your personal data to third parties (other than any external parties referred to in section 6 above) unless we have your permission or are required by law to do so.
You are legally entitled to request details of EY’s personal data about you.
To confirm whether your personal data is processed in the Application or to access your personal data in the Application, contact email@example.com or email your request to firstname.lastname@example.org.
You can confirm your personal data is accurate and current. You can request rectification, erasure, restriction of processing or a readily portable copy of your personal data by contacting email@example.com or by sending an e-mail to firstname.lastname@example.org.
If you are concerned about an alleged breach of privacy law or any other regulation, contact EY’s Global Privacy Officer, Office of the General Counsel, 6 More London Place, London, SE1 2DA, United Kingdom or via email at email@example.com or via firstname.lastname@example.org. An EY Privacy Officer will investigate your complaint and provide information about how it will be handled and resolved.
If you are not satisfied with how EY resolved your complaint, you have the right to complain to your country’s data protection authority. You can also refer the matter to a court of competent jurisdiction.