Data Protection Declaration

The global EY organization refers to all member firms of Ernst & Young Global Limited (EYG). Each EYG member firm is a separate legal entity and has no liability for another such entity’s acts or omissions.

With regard to the personal data provided by a visitor to www.ey-innovalue.de (“our website”), EY Parthenon Financial Services GmbH (“EY”) is the entity responsible for collecting and processing these data.

In this declaration, personal data are defined as data that refer to a natural person and identify, either directly or indirectly, this natural person, such as your name or contact details. If you have any questions about the processing of your personal data please contact us or your regular contact person at EY.

Here we describe how we respect the privacy of all visitors to this website. EY attaches considerable importance to legitimate data processing in order to protect your personal data. We believe that we all benefit from a free flow of information as long as the corresponding data are gathered and used in a responsible manner.

Please contact us if you have any questions or concerns not addressed by our data protection declaration.

 

Recording, use, distribution, options

You do not have to register to use this site. If you merely access our website, we will not record any personal data. However, as described below, certain information is generated through the use of cookies.

You may, however, wish to register to receive regular up-to-date information from EY. We invite registered users to special events, provide them with information about our services, publications and products or contact you for other marketing purposes.

Data recorded during registration are protected by the standard encryption technology during transmission. For example, registration is required for the following services:

1. Email notifications
   EY offers visitors to its website an email notification service (email alerts). Subscribers are informed by email of new content on ey.com. Only basic information, such as your name and email address, are required for registration.
2. Surveys
   EY occasionally carries out surveys on its website. Survey participants may be asked to provide personal data (name, contact details, etc.) in addition to their opinion or feedback. The type of data recorded depends on the survey.
3. Registration for events
   EY accepts registrations for events through its own website or third-party websites. Personal data may be obtained together with the registration forms for the events. The type of data being recorded depends on the event. EY may disclose the data of the registered persons to third parties in connection with the event. “Third parties” may be hotels, sponsors or co-sponsors, hosts, organizers (including those reached through the websites of third parties), speakers and participants in discussions. Please see the information on the individual events to find out how your data are used.
4. EY Alumni network
   All personal data that a former employee transmits to EY are mainly used to keep in contact with this former employee and are not forwarded to third parties without their explicit consent.
5. EY Client Portal
   If you have obtained access to the EY Client Portal from your contact person at EY, we recommend that you read the full data protection declaration related to this service. You can view the declaration during registration for the EY Client Portal.

If you log on to our website your personal data are stored in our customer relationship management (CRM) system. Data of registered users who do not actively use our website for 18 months are deleted from our CRM system.

Other retention periods apply for the careers page on our website, your registration for events, the EY Alumni portal and EY Client Portal. You can find these in the respective data protection declarations on the corresponding websites.

If you have unsubscribed from EY publications, we retain your contact data in our opt-out list to prevent you from receiving further publications from EY.

For applicants

In connection with job advertisements at EY we collect personal data from and about applicants. The personal data recorded, how it is used and when it is recorded varies according to the country in which you send an application. In general, the personal data recorded for our applicants include CVs, academic documents, professional background, information on employment relationships and certificates.

We use your personal data in order to compare your skills, experience and training with the jobs offered by EY. During the application process, your personal data will be shared with EY Parthenon GmbH in order to factor in the data for the open positions in that entity. The personal data are shared with the responsible HR manager and the persons involved in the selection process, in order to decide whether you should be invited to an interview. If you are invited to an interview (or a comparable meeting), EY will record additional information. This includes recordings from the interview, evaluation results, feedback and offer details. Your personal data can be shared with other firms in the global EY network, if your profile could be of interest to another EY firm.

In connection with our recruiting measures, including applications and onboarding, we also record special types of personal data from candidates, as we are obligated to do under labor law. If legally permissible, we will record information on a person’s health restrictions, for example, so as to analyze the diversity of our workforce. In addition, we will have to review whether specific candidates are eligible for employment at EY or to serve EY clients with respect to potential prior convictions. In some countries, we will also ask candidates to provide diversity-relevant information on their racial and ethnic origin and sexual orientation. This information enables monitoring of diversity and is disclosed voluntarily.

However, we may be legally required to assess these criteria ourselves in the event that the candidate does not volunteer this information. Depending on the country of application, EY records personal data on candidates (“you” or “your”) from the following sources:

• Directly from you – e.g., information you provide us on a direct application or through personnel service providers – e.g., if a personnel service provider contacts us to suggest you as a potential candidate
• From publicly available online sources – e.g., if you have published your career profile online (for example on your current employer’s website or on a professional network website such as LinkedIn)
• Via recommendation – e.g., through recommendations from a former employee or employer or one of the referees provided by you
• Results of any necessary background check

We store your personal data for as long as the application process lasts and delete it six months after the rejection.

The processing of personal data of job applicants is based on the following legal principles: 

• explicit consent of the applicant
• our legitimate interest in looking for, identifying and acquiring talented professionals
• our legitimate interest in processing and managing applications for positions at EY – including reviewing and selecting applicants
• our legitimate interest in recruiting and hiring applicants by making successful candidates a job offer and carrying out assessments prior to the personal interview
• our legitimate interest in administering our job portals (including performing statistical analyses)
• compliance with statutory or official obligations (by conducting background checks to guarantee an applicant’s ability to work)

 

Sensitive personal data

EY does not engage in the targeted collection of special types of personal data via this website unless we are legally obliged to, for example, in connection with an application for a position. Special types of personal data includes data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning a natural person’s sex life or sexual orientation, and in some cases social security numbers or financial data.

 

Security

EY ensures the confidentiality and security of any information used in the course of business activities. Access to these data is restricted and we use technical and organizational safeguards to protect the data from loss, misuse and improper disclosure.

 

Disclosure

We can therefore disclose your personal data for the following reasons:

• if the transfer of the data is required to process your request and this includes another company with which EY has a relationship (see the section “Links to third parties” below); or
• to process a request that relates to more than one EY member firm; or
• if you, as a visitor to this site, expressly wish it; or
• if this is necessary due to a court order or other legal or regulatory requirement; or
• if disclosure is reasonably made in connection with the sale or other disposal of our entire firm of part thereof.

EY may use external service providers that support us, for example, with information technology services and other administrative support services related to the operation of our website.

 

Transmission of personal data

EY has a comprehensive global data protection program comprising EU-approved Binding Corporate Rules and certification according to the rules of the EU-US Privacy Shield and the Swiss-US Privacy Shield, both administered by the US Department of Commerce. Please see the section on our Binding Corporate Rules on our website for more information. See the Privacy Shield Data Privacy Statement for more information on how EY implements the Privacy Shield framework. EY will only disclose your personal data to third parties that have provided written assurance that they ensure an appropriate level of data protection.

 

Control of your personal data

EY does not record or collect any personal data made available to us through our website to disclose or sell it to third parties for marketing purposes or to use for host mailings on behalf of third parties.
You have the right to request information about any of your personal data that we have stored. EY makes it possible to rectify and update your personal data. Please contact us if you would like EY to rectify or erase your personal data, if you would like to restrict EY’s processing of your personal data, if you require a confirmation of whether or not your personal data are being processed by EY, if you would like access to your personal data, if you would like to assert your right to data portability or if you would like to revoke your consent to processing.

 

Links to third parties

Please note that our website can contain links to other websites that are not bound by this data protection declaration. Visitors to our site can be forwarded to sites of third parties to learn more about our thought leadership, events, content sponsoring, vendor services, our involvement in government agencies, charitable organizations, social networks, etc. EY does not make any warranty or representation with regard to the storage of user data or their use on the servers of third parties. We recommend that you read the data protection policies of all third-party sites linked to our website to learn how they use your personal data.

 

Cookies and web beacons

Our website uses cookies and web beacons and other internet technologies such as captchas for an optimized display and enhanced user-friendliness. Cookies are also used in certain areas of our website to enable us to understand your interests better and provide you with a customized web offering.

What is a cookie?

A cookie is a file which our website uses to store information (as an identifier) on your computer’s web browser. These cookies are only used when you access our website. Cookies are not used to identify individuals who merely visit our website. We use cookies to learn about the behavior of our visitors and their preferred location and language. This enables us to immediately redirect our visitors to the correct homepage for their country when they access our website.

Cookies have other uses as well. For example, on the Thought Center webcast page (webcast area), they enter the registration data for registered users who have activated the auto login function. Cookies also prevent one person from participating more than once in an online survey.

Cookies are used on certain pages of our website to learn about your interests with regard to internet use. They allow us to understand what is important to you and to better adapt our content to your needs.

How can I deactivate cookies?

If you do not wish to accept cookies on our website you can deactivate them in your browser settings. If you do not know how, you can find information in the help function in your browser or ask your browser provider. Please note, however, that you will not be able to use the full range of our website’s functions if you have deactivated cookies in your browser. This includes, for example, the auto login and other customized functions of our webcast area.

What cookies do we use?

Depending on their function, the cookies used by our website belong to one of the following four categories:

1. Basic/essential cookies
   Some of the cookies used are fundamental to the functioning of our website. This relates, e.g., to the storage of your login data for certain areas of our website.
2. Performance cookies
   Some cookies support the performance and design of our website. For example, we can find out how often a page has been visited or whether a certain page of our website has been accessed via an advertising banner or other medium.
3. Functionality cookies
   Some cookies help us to save the settings selected by you or support other functions as you navigate through our website. They help us remember your selection and preferences for your next visit.
4. Targeting and tracking cookies
   We use cookies on certain pages of our website to better understand your interests with regard to internet use. This enables us to offer you a customized service in the future, for example, we can show you content relevant for you in connection with campaigns on third-party websites. These cookies collect information about where you started your visit, whether you were shown content from EY, which specific advertising media you viewed, whether you accessed our website directly or indirectly, what kind of device you used when visiting our website and what you downloaded. This information is collected anonymously by third-party providers. On certain pages of our website, we also use cookies to communicate with external data providers in order to make deductions about your user behavior. This allows us to better target the information we offer you in the future. The information we receive is aggregated and anonymous, but contains demographic data and other statistical information about user behavior, product interests, lifestyle, etc. Targeting and tracking cookies are provided by reliable third-party providers. Please contact us if you wish to learn more about the providers and how these cookies work.

What are web beacons?

EY occasionally advertises on third-party websites. To gauge the efficiency of our advertising campaigns, we occasionally use identification technologies, such as web beacons or action tags. This allows us to count the number of visitors to our website that have accessed the website due to an advertising banner from EY on a third-party website.

We do not use this method to access your personal data, but merely to compile statistics on visitors to our website and to assess the efficiency of our advertising.

By using our website, you consent to our placing cookies and web beacons on your computer or mobile device. If you do not wish to receive cookies or web beacons, you should leave our website or check your browser settings.

 

Google Analytics

This website uses Google Analytics, a web analytics service of Google Inc. (Google). Google Analytics uses cookies, small text files that are saved on your computer and allow us to analyze how you use the website. The information on your use of the website generated by the cookie is normally transmitted to a Google server in the US and stored there. However, if IP anonymization has been activated on this website, Google first truncates your IP address within EU Member States or in other Contracting States of the Agreement on the European Economic Area before doing so. In isolated cases, the full IP address is transferred to a server in the US and truncated there. Google uses this information on behalf of the operator of the website to analyze your use of the site in order to compile reports on the website activities and provide further services to the website operator associated with use of the website and the internet. The IP address transmitted from your browser for use by Google Analytics will not be combined with other data from Google. You can prevent cookies from being stored on your computer by changing the settings in your browser software; however, please note that if you change the settings you may not be able to use all of the website’s functions. You can also avoid data generated by the cookies and related to your use of the website (including your IP address) from being recorded and processed by Google by downloading and installing the browser plug-in available here: http://tools.google.com/dlpage/gaoptout?hl=de.

You can prevent data from being recorded by Google Analytics by clicking on this link. An opt-out cookie will then be saved that prevents your data from being recorded when you visit this website in the future:

Deactivating Google Analytics

You can find more information on the terms and conditions of use and data protection here: http://www.google.com/analytics/terms/de.html or here: https://www.google.de/intl/de/policies/. Please note that the code “anonymizeIp” was added to Google Analytics on this website to ensure an anonymized recording of IP addresses (IP masking).

 

Social media platforms

EY offers social media services on various platforms, such as blogs, forums, Wikis, which you might wish to use. These platforms are primarily aimed at making content easier to access and share with other internet users.

In this context, we wish to point out that EY accepts no responsibility for any kind of misuse of these personal data by third parties.

With regard to links to social media platforms of third-party providers or private individuals that are managed on separate servers, EY has no control over how the content provided there is displayed and used. EY accepts no responsibility for the accuracy and use of content provided on these servers. A link to a third-party website is not a recommendation or endorsement by EY of the respective third party or the third party’s products and services.

EY accepts no responsibility for the storage and/or use of user data on the servers of third-party providers. We recommend that you familiarize yourself with the data protection policies of the respective third-party providers whose sites we link.

 

Children

This data protection declaration does not include the use of our website by children. We are aware of the importance of protecting information about children, particularly on the internet. We therefore do not knowingly record or maintain data on children.

 

Amendments to this policy

EY can amend this data protection declaration if required. If amendments are made to the declaration, it can take up to 30 business days to implement new data protection processes. Please visit this site regularly to find out about any amendments.

 

Unsubscribe

EY lets you choose whether we record and use your personal data. If you have registered at ey.com for an information service containing the latest news and wish to no longer receive emails from us in the future, you may unsubscribe from this service at any time.

 

Complaints

If you believe that the data protection regulations or any other law is infringed by EY, you can contact your regular contact person at EY in your country or EY’s Global Privacy Officer, Office of the General Counsel, 6 More London Place, London, SE1 2DA, UK. A privacy officer from EY will be assigned to you to investigate your complaint and inform you of the next steps.

If you are not happy with the response from EY to your complaint, you may file a complaint with your local data protection authority. You may also refer the matter to a court of competent jurisdiction.

 

Contact information

If you have any questions or concerns that you believe are not covered by this data protection declaration, please contact us or your regular contact person at EY.

 

Further information

Please read our notes to the user to learn more about the scope of application of this data protection declaration.

Privacy information for data subjects

EY implements the requirements of the European General Data Protection Regulation (GDPR) and other legal requirements for the protection of personal data. In particular, technical and organizational safeguards that comply with the current security standards have been implemented.

The following privacy notice provides information on how EY processes personal data as part of our general business activities and in order to provide services to our clients as well as on the rights of data subjects.

1. Who is responsible for processing the data?

EY-Parthenon Financial Services GmbH
Heimhuder Strasse 69
20148 Hamburg
Telefon: +49 40 36132 32222
E-Mail: contact.fso@parthenon.ey.com

2. How do I contact the data protection officer?

Confidentially, for the attention of the data protection officer
either at the postal address stated under 1
or via email (datenschutz@de.ey.com).

3. What personal data do we process?

The term “personal data” used in this document refers to personal data as defined in Art. 4 No. 1 GDPR. It means any information relating to a natural person and that can be used to identify this person either directly or indirectly.

As part of our general business activities and in order to provide services to our clients, we normally process contact details such as name, address, telephone number and email address, information such as bank account and payment information and, if appropriate, further information on personal and professional circumstances if relevant for the services.

4. For what purpose do we process personal data and on what legal basis?

We process personal data as part of our general business activities and in order to provide management advisory services to our clients under one of the following legal bases:

1. Compliance with contractual obligations (Art. 6 (1) Sentence 1 (b) GDPR)
   Personal data are processed in order to perform a contract or take steps prior to entering into a contract with a natural person. The scope and details of the data processed depend on the respective contract and, where appropriate, the related terms and conditions.
2. Compliance with legal requirements (Art. 6 (1) Sentence 1 (c) GDPR)
   EY can be subject to legal requirements which may give rise to an obligation to process personal data. Under these requirements, EY is obliged in particular to properly store and document all services and archive documents and work products in related IT systems and, if required, also in paper form.
3. Safeguarding of legitimate interests (Art. 6 (1) Sentence 1 (f) GDPR)
   As part of its general business activities and in order to provide services to our clients, EY processes personal data based on a balancing of interests provided these are not overridden by the legitimate interests of the data subjects. A relevant specific interest of EY in this context is the performance of contractual obligations to the client. EY processes personal data made available by the client only to the extent that this is actually necessary for the provision of the services.
   Safeguarding of the legitimate interests of the data subjects of EY’s data processing is significantly aided by the fact that all employees of EY are trained in compliance with the data protection requirements and are obligated to maintain the required confidentiality.
4. Consent of the data subject (Art. 6 (1) Sentence 1 (a), Art. 7 EU GDPR)
   If none of the legal bases specified in a) to c) apply, EY bases its processing of personal data on the informed consent of the data subject which it explicitly obtains from the latter. This is the case, for example, if a tool used directly by the data subject is employed for data processing.

5. To whom are personal data disclosed?

Personal data can be disclosed to the following recipients if required for achieving the purpose:

• Member firms of the global network of Ernst & Young firms You can find a list here: https://www.ey.com/uk/en/home/legal.
• If required, authorities, courts or other public bodies in Germany and abroad.
• Other IT service organizations and other service organizations (strictly for the specified purpose), such as hosting, cloud services, file destruction, archiving, specialist service organizations (e.g., in connection with tax advisory engagements), public relations (e.g., mailing of newsletters, client information, studies).

When service organizations are involved in EY’s data processing activities, EY’s high data protection standards are contractually transferred to the service organizations. Where processing is to be carried out on behalf of a controller pursuant to Art. 28 EU GDPR, standardized data protection contracts are agreed.

6. Are data transferred to a third country or an international organization?

Personal data are only transferred to countries outside the European Economic Area (EEA) if this is required for the engagement, based on consent, to comply with legal requirements (e.g., reviews of conflicts of interests under professional rules and ethics) or due to the involvement of processors.

For service organizations (including the use of cloud services) outside the EEA, the appropriate level of data protection required under EU data protection law will be ensured by complying with the provisions of Art. 45 et seq. EU GDPR.

The transfer of personal data within the global network of Ernst & Young firms is subject to the EY Binding Corporate Rules (available at www.ey.com/bcr).

7. How long are personal data stored for?

EY stores personal data for as long as they are required to perform the respective services or – if your personal data are subject to statutory retention requirements or part of documents that are subject to statutory retention requirements – for the duration of the statutory retention period (e.g., as set out in the WPO [“Wirtschaftsprüferordnung”: German Law Regulating the Profession of Wirtschaftsprüfer (German Public Auditors)], HGB [“Handelsgesetzbuch”: German Commercial Code], GwG [“Geldwäschegesetz”: German Anti-Money Laundering Act], KWG [“Kreditwesengesetz”: German Banking Act], WpHG [“Wertpapierhandelsgesetz”: German Securities Trading Act]).

The retention periods are 6 to 10 years in most cases; in justified cases (e.g., to preserve evidence), the retention period can also be longer (e.g., for limitation periods of up to 30 years, the standard limitation period being 3 years, however).

If the data are subject to more than one retention period, the longest period applies.

8. What data protection rights do data subjects have?

Data subjects are entitled to the rights set out under Art. 15 et seq. GDPR: The rights to obtain information about the processing of their personal data by EY (including the purposes of the processing, any recipients and the envisaged period for which the personal data will be stored), rights to the rectification of inaccurate data, erasure, restriction of processing and data portability as well as the right to object to processing for marketing purposes and legitimate interests due to processing.

Any consent granted to EY may be revoked at any time for future periods. To exercise these rights, data subjects can contact EY’s data protection officer (see no. 2). They also have the right to appeal to a data protection supervisory authority.