- IntroductionThis Privacy Notice is intended to describe the practices which EY follows in relation to the GigNow system (“Tool”) with respect to the privacy of all individuals whose personal data is processed and stored in the Tool.
- Who manages the Tool?“EY” refers to one or more of the member firms of Ernst & Young Global Limited (“EYG”), each of which is a separate legal entity, and each of which can act as a data controller in its own right. The entity that is acting as data controller by providing this Tool on which your personal data will be processed and stored is EYGM Limited, an EY global entity.
The personal data which you provide in the Tool may be shared by EYGM Limited with one or more member firms of EYG located throughout the world (see “Who can access your information” section below).
The Tool is hosted on servers that are located in Ireland and the Netherlands.
- Why do we need your information?The purpose of the Tool is to help EY source, match, and engage contingent workers to open positions.
Your personal data processed in the Tool is used as follows: to assess suitability of candidates, select appropriate candidates and on-board contingent workers to and from EY assignments.
EY relies on the following basis to legitimize the processing of your personal data in the Tool: processing is necessary for the purposes of the legitimate interests pursued by the data controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. The specific legitimate interests pursued are Human Resource management, in particular recruitment.
The provision of your personal data to EY is optional, however, please be aware that if you do not provide us with all or part of your personal data, we may not be able to carry out the purposes for processing which are set out above.
In addition, the Tool uses your browser’s local storage to store an encrypted web token. This token saves your GigNow identity on your browser. With it, we can keep track of who you are across browser sessions and give you the personalized site experience that matches your user type. Without it, we wouldn’t be able to tell who you were across browser sessions – meaning that you would have to log in every time you refreshed the page. By navigating on the Tool, you agree that we can place web tokens on your computer or device. If you prefer not to receive web tokens, then you should stop using the Tool, or consult your browsing settings. If you want to clear your local storage, use your browser settings to clear the cache / locally stored data for the Tool.
- What type of personal data is processed in the Tool?The Tool processes the following categories of personal data:
The Tool processes the personal information of candidates who upload their resumes into the Tool, including: name (first, last); email address; phone number; address; photo (headshot) – optional; education details; previous occupation; previous employer; resume; skills; desired rate/compensation; certifications; current location; work location preference (e.g., remote); work visa status; availability for next contingent role; recruiter notes (which may be populated by EY and third party recruiters to document conversations and interviews with you); and any other information which candidates provide voluntarily for the purposes of an application.
This data is sourced from resumes and applications which are provided to EY by candidates using the Tool.
- Sensitive Personal DataSensitive personal data is data revealing your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health or data concerning sex life or sexual orientation.
EY does not intentionally collect any sensitive personal data from you via the Tool, and it is not the intention of the Tool to process such information. Candidates should not include any sensitive personal data in their applications, and recruiters should not include any sensitive personal data in their notes.
- Who can access your information?Your personal data may be accessed in the Tool by the following persons/teams:
The access rights detailed above may involve the transfer of personal data in various jurisdictions (including jurisdictions outside the European Union) in which EY operates (EY office locations are listed at www.ey.com). EY will process your personal data in the Tool in accordance with applicable law and professional regulations in your jurisdiction. Transfers of personal data within the EY network are governed by EY’s Binding Corporate Rules.
- EY Recruiters, including third-party recruiters working on their behalf (located globally) – the individuals who post jobs, review candidate applications and add interview notes. Recruiters have access to the personal data of applicants and candidates who are either located in, or applying for a position in, the same country as the recruiter;
- EY Hiring Managers (located globally) – the individuals who create job requirements and add interview notes. Hiring managers have access to the personal data of applicants and candidates who are either located in, or applying for a position in, the same country as the hiring manager];
- EY GigNow Team – the team responsible for technical support and for managing access rights for the Tool. This team may need access to your personal data in order to perform their functions but will not use your data for any other purpose;
- Algolia – a third party hosted search service, which indexes all data in the Tool to enable users to search the tool and optimise their experience;
- Daxtra – a third party hosted search service, which conducts resume parsing for candidate resumes;
- You – You will be able to access your own information on the Tool; and
- We may also disclose data in order to comply with our legal, regulatory obligations or professional standards, in response to a non-mandatory request for information made by a governmental or state body, or as part of an investigation of unlawful activity.
- Data retentionThe policies and/or procedures for the retention of personal data in the Tool are as follows:
All data submitted in the Tool, unless deleted earlier at written request, will be retained for a period expiring on the later to occur of: (a) 3 years following the expiration of the term of your contingent role, and (b) 3 years following the last date of activity related to your account on the Tool (as such period may be amended to ensure compliance with applicable laws and regulations – this includes Germany, Switzerland and Austria, where any data relating to the applicants will be retained for six months following the last contact with the applicant).
After the end of the data retention period specified in the policies and/or procedures set out above, your personal data will be deleted.
- SecurityEY is committed to making sure that your personal data is kept secure. In order to prevent unauthorized access or disclosure, EY has put in place appropriate technical and organizational measures to safeguard and secure your personal data. All EY personnel and any third parties which EY engages to process your personal data are obliged to respect the confidentiality of your data.
- Controlling your personal dataEY will not sell, distribute or lease your personal data to third parties (other than those parties referred to in section 6 above) unless we have your permission or are required by law to do so.
You are legally entitled to request details of the personal data which EY holds about you.
If you would like to obtain confirmation as to whether or not your personal data is processed in the Tool or if you would like to access your personal data in the Tool, please contact us via firstname.lastname@example.org.
- Rectification, erasure or restriction of processingEY provides you with the ability to make sure your personal data is accurate and up to date. You can request rectification, erasure or restriction of processing of your personal data by sending an e-mail to email@example.com. We will use reasonable efforts to contact you regarding your request.
- ComplaintsIf you are concerned about an alleged breach of privacy law or any other regulation by EY, you can contact EY’s Global Privacy Officer, Office of the General Counsel, 6 More London Place, London, SE1 2DA, United Kingdom or via email at firstname.lastname@example.org. An EY Privacy Officer will be made available to investigate your complaint and give you information about how it will be handled and resolved.
If you are not satisfied with the way in which EY has resolved your complaint, you have the right to complain to the data protection authority in your country. You may also refer the matter to a court of competent jurisdiction.
- Contact usIf you have questions or you do not feel that your concerns have been addressed in this Privacy Notice, please contact your usual EY representative.