Mobility Hub

Privacy Policy


Privacy Notice – Mobility Hub Tool


  1. Introduction


    This Privacy Notice is intended to describe the practices EY follows in relation to the Mobility Hub (“Tool”) with respect to the privacy of all individuals whose personal data is processed and stored in the Tool.

  2. Who manages the Tool?


    “EY” refers to one or more of the member firms of Ernst & Young Global Limited (“EYG”), each of which is a separate legal entity and can act as a data controller in its own right. The entity that is acting as data controller by providing this Tool on which your personal data will be processed and stored is EYGM Limited, an EY global entity.

    The personal data in the Tool is shared by EYGM Limited with one or more member firms of EYG (see “Who can access your personal data” section below).

    The Tool is hosted on an EY Managed MS Azure Data Centre in the UK.

  3. Why do we need your personal data?


    The Tool is a digital platform designed as a ‘one-stop shop’ for our clients to access a number of our Mobility tools.
    Your personal data processed in the Tool is used as follows:
    Personal data is used to authenticate approved users so that they can access the Tool, and to integrate data sets from each respective PAS Mobility service line to allow a unified and comprehensive view of a user’s services.
    EY relies on the following basis to legitimize the processing of your personal data in the Tool:
    Processing is necessary for the purposes of the legitimate interests pursued by the data controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. The specific legitimate interest pursued is conducting client engagements.

  4. What type of personal data is processed in the Tool?


    The Tool processes these personal data categories:

    • First Name
    • Last Name
    • Email ID
    • Alternate email
    • Client ID
    • Assignment ID
    • Assignment Grade
    • Assignment Policy
    • Home Country
    • Host Country

    This data is sourced as follows: Personal Data is provided directly by EY Partners, employees or contractors. It also provided by the client emailing an EY Local Team or EY Coordinating Team with a new request or providing information in respect to an existing request and may be sourced from EY GlobalOne and input manually by EY personnel.

  5. Sensitive personal data


    Sensitive personal data reveals your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health or data concerning sex life or sexual orientation.

    EY does not intentionally collect any sensitive personal data from you via the Tool. The Tool’s intention is not to process such information. Accordingly, you should not enter any sensitive personal data into any free text boxes within the Tool.

  6. Who can access your personal data?


    Your personal data is accessed in the Tool by the following persons/teams:

    USER GROUP (NUMBER IN ROLE) LOCATION PURPOSE ACCESS
    EY LOCAL TEAM Global Review requests to submit Create/edit/delete
    EY COORDINATING TEAM UKI & India Coordinating client use of site. Create, view, edit, delete, bulk uploads (no ability to create, delete, or bulk upload clients)
    EY BILLING TEAM UKI & India Begin billing process Read
    SUPER USER UKI & India Overall administration of the site Create, view, edit, delete, bulk uploads
    CLIENT CORPORATE TEAM Global To view reports. Read Only


    The access rights detailed above involves transferring personal data in various jurisdictions (including jurisdictions outside the European Union) in which EY operates (EY office locations are listed at www.ey.com/ourlocations). An overview of EY network entities providing services to external clients is accessible here (See Section 1 (About EY) - “View a list of EY member firms and affiliates”). EY will process your personal data in the Tool in accordance with applicable law and professional regulations in your jurisdiction. Transfers of personal data within the EY network are governed by EY’s Binding Corporate Rules.

    We transfer or disclose the personal data we collect to third-party service providers (and their subsidiaries and affiliates) who are engaged by us to support our internal ancillary processes. For example, we engage service providers to provide, run and support our IT infrastructure (such as identity management, hosting, data analysis, back-up, security and cloud storage services) and for the storage and secure disposal of our hard copy files. It is our policy to only use third-party service providers that are bound to maintain appropriate levels of data protection, security and confidentiality, and that comply with any applicable legal requirements for transferring personal data outside the jurisdiction in which it was originally collected.

    For data collected in the European Economic Area (EEA) or which relates to individuals in the EEA, EY requires an appropriate transfer mechanism as necessary to comply with applicable law. The transfer of personal data from the Tool to Microsoft Azure is governed by the Privacy Shield certification of Microsoft Azure and by an agreement between EY and Microsoft Azure that includes standard data protection clauses adopted by the European Commission.

  7. Data retention


    Our policy is to retain personal data only for as long as it is needed for the purposes described in the section “Why do we need your personal data”. Retention periods vary in different jurisdictions and are set in accordance with local regulatory and professional retention requirements.

    In order to meet our professional and legal requirements, to establish, exercise or defend our legal rights and for archiving and historical purposes, we need to retain information for significant periods of time.

    EY standard retention policy is that we should retain data for seven years prior to it being destroyed. Data can be deleted at the request of the client. From a technical point of view, we can extend standard retention policies and keep the archives for many years, we would just need to enable such functionality from a SQL/CTP/Azure perspective, again at the request of the client.

  8. Security


    EY protects the confidentiality and security of information it obtains in the course of its business. Access to such information is limited, and policies and procedures are in place that are designed to safeguard the information from loss, misuse and improper disclosure. Additional information regarding our approach to data protection and information security is available in our Protecting your data brochure.

  9. Controlling your personal data


    EY will not transfer your personal data to third parties (other than any external parties referred to in section 6 above) unless we have your permission or are required by law to do so.

    You are legally entitled to request details of EY’s personal data about you.

    To confirm whether your personal data is processed in the Tool or to access your personal data in the Tool or (where applicable) to withdraw your consent, contact your usual EY representative or email your request to global.data.protection@ey.com.

  10. Rectification, erasure, restriction of processing or data portability


    You can confirm your personal data is accurate and current. You can request rectification, erasure, restriction of processing or a readily portable copy of your personal data by contacting your usual EY representative or by sending an e-mail to global.data.protection@ey.com.

  11. Complaints


    If you are concerned about an alleged breach of privacy law or any other regulation, contact EY’s Global Privacy Leader, Office of the General Counsel, 6 More London Place, London, SE1 2DA, United Kingdom or via email at global.data.protection@ey.com or via your usual EY representative. An EY Privacy Leader will investigate your complaint and provide information about how it will be handled and resolved.

    If you are not satisfied with how EY resolved your complaint, you have the right to complain to your country’s data protection authority. You can also refer the matter to a court of competent jurisdiction.

    Certain non-European EY network entities that are subject to the EU General Data Protection Regulation (GDPR) have appointed a representative in the EU. Further information and the contact details of these representatives are available here.

  12. Contact us


    If you have additional questions or concerns, contact your usual EY representative or email global.data.protection@ey.com.


Cookie Policy

  • This website "ey.com" uses cookies, pixel tags, Web Beacons and other web technologies such as CAPTCHA’s to improve the website’s performance and to enhance your browsing experience. Certain areas of the website also use cookies to understand more about you, so we can offer you a more personalised browsing experience.

    You can find out more about cookies and how to manage them at https://www.ey.com/en_gl/cookie-policy. You can change your cookie settings and disable some or all cookies for this website at any time at https://www.ey.com/en_gl/cookie-settings. You can also change your browser settings so that cookies from the website cannot be placed on your device.

    If you have any questions in relation to the cookies we use please contact us.