1. Introduction
This Privacy Notice is intended to describe the practices EY follows in relation to the Learning Experience Platform (LXP) (“Tool”) with respect to the privacy of all individuals whose personal data is processed and stored in the Tool.
2. Who manages the Tool?
“EY” refers to one or more of the member firms of Ernst & Young Global Limited (“EYG”), each of which is a separate legal entity and can act as a data controller. The entity that is acting as data controller by providing this Tool on which your personal data will be processed and stored is EY Global Services Limited/EYGM Limited, an EY global entity.
The personal data you provide in the Tool is shared by EY Global Services Limited/EYGM Limited with one or more member firms of EYG (see “Who can access your information” section below).
The Tool is hosted on servers within the EY IT Infrastructure and externally in an EY Managed MS Azure Data Centre.
3. Why do we need your information?
The Tool allows for rapid development of training and content for clients, which is then served to them on a “smart” portal.
Your personal data processed in the Tool is used as follows: personal data is processed and used to create individual behavioral competency-based reports, and to create benchmark reports and thought leadership. Information used for such benchmark reports is de-identified and aggregated so that your personal information is not shared.
EY relies on the following basis to legitimize the processing of your personal data in the Tool: Your consent, and your use is meant to legitimize the processing of your personal data in the Tool to participate in learning events and training and the registration for the same.
The provision of your personal data to EY is optional. However, if you do not provide all or part of your personal data, we may be unable to carry out the intended purposes for processing.
4. What type of personal data is processed in the Tool?
The Tool processes these personal data categories:
• First name and last name
• UUID (unique user ID)
• Work email address
• Company name
• Work function
• Work rank
• Work role
• Self-assessment of knowledge of content
• Completion status of content
• Single Sign-on ID
• Login activity
• Test Results*
Anonymized UUID may be shared with a third-party learning content provider to track learning completion status.
*Self-assessment of knowledge of content and completion status of content are collected data points.
This data is sourced from: EY Partners, employees or contractors and may be provided directly by clients.
5. Sensitive Personal Data
Sensitive personal data reveals your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health or data concerning sex life or sexual orientation.
EY does not intentionally collect any sensitive personal data from you via the Tool. The Tool’s intention is not to process such information.
6. Who can access your information?
Your personal data is accessed in the Tool by the following persons/teams:
LXP Editor:
User role has limited API access to edit content based on the course/page they are viewing. User needs read/write access to develop the courses.
Admin role has access to view all content and edit/remove records. Admins need access to read, write and delete records.
LXP Portal:
User role has login and access to learning objects assigned to them. Users need access to take the training and manage their content and to read and write limited account-based data.
Admin role runs reports as well as manages user roles and access. Admins need access to read/write and access is based on privilege assigned by super admins.
Super admins have all access as well as the ability to add/remove/edit content objects. These users have full access to act as system administrators; they ultimately are required to manage content and users. Users could be located anywhere based on the client need and type of deployment.
The access rights detailed above involve transferring personal data in various jurisdictions (including jurisdictions outside the European Union) in which EY operates (EY office locations are listed at www.ey.com/ourlocations). EY will process your personal data in the Tool in accordance with applicable law and professional regulations in your jurisdiction. Transfers of personal data within the EY network are governed by EY’s Binding Corporate Rules (www.ey.com/bcr).
7. Data retention
The policies and/or procedures for the retention of personal data in the Tool are in accordance with the EY Records Retention Global Policy and the applicable Global Area, Region or Country Retention Schedule. Client Confidential Information is used for each engagement and then destroyed in line with the Contractual Retention Agreement. All retention of data processed in the portal will be based on the client retention policies.
Your personal data will be retained in compliance with privacy laws and regulations.
After the end of the data retention period, your personal data will be deleted.
8. Security
EY is committed to making sure your personal data is secure. To prevent unauthorized access or disclosure, EY has technical and organizational measures to safeguard and secure your personal data. All EY personnel and third parties EY engages to process your personal data are obliged to respect your data’s confidentiality.
9. Controlling your personal data
EY will not transfer your personal data to third parties (other than any external parties referred to in section 6 above) unless we have your permission or are required by law to do so.
You are legally entitled to request details of EY’s personal data about you.
To confirm whether your personal data is processed in the Tool or to access your personal data in the Tool, contact your usual EY representative or email your request to global.data.protection@ey.com.
10. Rectification, erasure, restriction of processing or data portability
You can confirm your personal data is accurate and current. You can request rectification, erasure, restriction of processing or a readily portable copy of your personal data by contacting your usual EY representative or by sending an e-mail to global.data.protection@ey.com.
11. Complaints
If you are concerned about an alleged breach of privacy law or any other regulation, contact EY’s Global Privacy Leader, Office of the General Counsel, 6 More London Place, London, SE1 2DA, United Kingdom or via email at global.data.protection@ey.com or via your usual EY representative. An EY Privacy Leader will investigate your complaint and provide information about how it will be handled and resolved.
If you are not satisfied with how EY resolved your complaint, you have the right to complain to your country’s data protection authority. You can also refer the matter to a court of competent jurisdiction.
12. Contact us
If you have additional questions or concerns, contact your usual EY representative or email global.data.protection@ey.com.