Privacy notice

1. Introduction

This Privacy Notice is intended to describe the practices Ernst & Young, LLP (“EY”) follows in relation to the EY financial wellness service website (the “Application”) with respect to the privacy of all individuals whose personal data is processed and stored in the Application. EY collects information about you when you use our Application, and when you provide information through any other interactions and communications you have with us (collectively, the “Services”).  The Services are provided by EY, and this Privacy Notice (the “Notice”) applies to information collected and used by EY (referred to herein as “we”). By using the Services, you consent to the data practices described in this Notice.

2. Who manages the Application?

“EY” refers to one or more of the member firms of Ernst & Young Global Limited (“EYG”), each of which is a separate legal entity and can act as a data controller in its own right. The entity that is acting as data controller by providing this Application on which your personal data will be processed and stored is Ernst & Young, LLP.

The personal data you provide in the Application is shared by EY with one or more member firms of EYG (see “Who can access your information” section below).

The Application is hosted on servers located in Illinois, USA, owned by Microsoft.

3. Why do we need your information?

The Application’s purpose is to provide digital financial planning and education.   

Your personal data processed in the Application is used as follows: EY collects and uses your personal information to operate the Application and deliver the services you have requested, to maintain quality of the Services, to provide general statistics regarding use of the Application, to determine what services are the most popular, and to deliver customized content and advertising within the Application to customers whose behavior indicates that they are interested in a particular subject area. EY may also contact you via surveys to conduct research about your opinion of current services or of potential new services that may be offered.

EY relies on your consent to legitimize the processing of your personal data in the Application. Providing your personal data to EY is optional; however, please be aware that if you do not provide us with all requested personal data, we may not be able to provide the EY financial wellness services.

4. What type of personal data is processed in the Application?

We collect information you provide to us directly, such as when you create or modify your account, utilize the Services, contact customer support, or otherwise communicate with us, as well as information that your sponsoring organization provides to us via a data feed upon your registration for the services. This information may include: name, email address, home/work address, telephone number, gender, annual income, age/date of birth, financial goals, marital status, number of dependents, union membership status, employment status, job function, rank, employer group, benefit eligibility status, salary and rank, work location, and hire date.

We also collect data you provide by uploading relevant documents (e.g., bank statements and tax returns), which may include your and your dependents’ Social Security Numbers and dates of birth, as well as data you authorize EY to pull from your financial institution accounts for the purpose of presenting aggregated financial account data to you, such as financial account balances and partial account numbers.

We also collect information in the following general categories:

1. Usage and Preference Information: We collect information about how you and Application users interact with our Services, preferences expressed, and settings chosen. In some cases, we do this through the use of cookies, pixel tags, and similar technologies that create and maintain unique identifiers.

2. Device Information: We may collect information about your mobile device, including, for example, the hardware model, operating system and version, software and file names and versions, preferred language, unique device identifier, advertising identifiers, serial number, and mobile network information.

3. Log Information: When you interact with the Services, we collect server logs, which may include information like device IP address, access dates and times, Application features or pages viewed, Application crashes and other system activity, type of browser, and the third-party site or service you were using before interacting with our Services.

4. Cookies: We may use both session cookies (which expire once you close your web browser) and persistent cookies to make the Service easier to use and to make our advertising better. You can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit.

5. Sensitive personal data

Sensitive personal data reveals your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health or data concerning sex life or sexual orientation.

The following sensitive personal data is collected and processed in the Application:

  • Social Security Numbers
  • Trade union membership information
  • Financial information

6. Who can access your information?

Your personal data is accessed in the Application by EY personnel who have a business purpose for accessing it, such as the EY financial planner assisting you, and EY personnel involved in maintaining the EY financial wellness platform and service. All personnel who have access to the data have agreed to maintain the confidentiality of such information.

Additionally, your sponsoring organization may receive aggregated and de-identified data in order to understand usage and effectiveness of the program within your sponsoring organization.

Finally, several third-party service providers may have access to your data:

  • If you choose to use the financial account aggregation service, Quovo will have access to your financial account data.
  • EY uses Vital Records, Inc., for storage of backup tapes.
  • EY uses Google Analytics to help analyze how users use our Application. Google Analytics collects information, including via cookies, about how often users visit the Application, what pages they visit, and how they interact with the Application. We use the information we get from Google Analytics to improve our Application and Services. Google Analytics stores an anonymized form of the IP address assigned to you on the date you use the Services, rather than your name or other personally identifying information. Although Google Analytics plants a persistent cookie on your web browser to identify you as a unique user the next time you visit the Application, the cookie cannot be used by anyone but Google. Google’s ability to use and share information collected by Google Analytics about your use of the Services is governed by the Google Analytics Terms of Use and the Google Privacy Policy.
  • EY uses SendGrid by Twilio to send you confirmation, updates, and recommendations via email (e.g., new account creation confirmation, password change confirmation, document update confirmation, suggestions for new goals, etc.). You can customize your notification preferences via both SendGrid and the Application.
  • EY uses ClickAndChat to provide chat support services in the Application.
  • EY uses Microsoft App Center and App Insights for usage analytics consistent with Section 4 above.

The access rights detailed above involve transferring personal data in various jurisdictions (including jurisdictions outside the European Union) in which EY operates (EY office locations are listed at www.ey.com/ourlocations). EY will process your personal data in the Application in accordance with applicable law and professional regulations in your jurisdiction. Transfers of personal data within the EY network are governed by EY’s Binding Corporate Rules (www.ey.com/bcr).

EY encourages you to review the privacy statements of sites linked to from the Application (e.g., benefits providers you have access to via your sponsoring organization-provided benefits) so that you can understand how those websites collect, use and share your information; EY is not responsible for the privacy statements or other content of such websites.

7. Data retention

Your personal data will be retained in the Application for as long as EY provides services to you. After EY’s services to you have concluded, your data will be retained for 7 years on backup tapes stored on EY’s behalf by Vital Records, Inc., after which the data will be deleted. Your personal data will be retained in compliance with privacy laws and regulations.

8. Security

EY is committed to making sure your personal data is secure. To prevent unauthorized access or disclosure, EY has technical and organizational measures to safeguard and secure your personal data. All EY personnel and third parties EY engages to process your personal data are obliged to respect your data’s confidentiality.

9. Controlling your personal data

EY will not transfer your personal data to third parties (other than any external parties referred to in section 6 above) unless we have your permission or are required by law to do so.  

You are legally entitled to request details of EY’s personal data about you.

To confirm whether your personal data is processed in the Application or to access your personal data in the Application, contact myplansmart@ey.com or email your request to global.data.protection@ey.com.

10. Rectification, erasure, restriction of processing or data portability

You can confirm your personal data is accurate and current. You can request rectification, erasure, restriction of processing or a readily portable copy of your personal data by contacting myplansmart@ey.com or by sending an e-mail to global.data.protection@ey.com.

11. Complaints

If you are concerned about an alleged breach of privacy law or any other regulation, contact EY’s Global Privacy Officer, Office of the General Counsel, 6 More London Place, London, SE1 2DA, United Kingdom or via email at global.data.protection@ey.com or via myplansmart@ey.com. An EY Privacy Officer will investigate your complaint and provide information about how it will be handled and resolved.

If you are not satisfied with how EY resolved your complaint, you have the right to complain to your country’s data protection authority. You can also refer the matter to a court of competent jurisdiction.

12. Contact us

If you have additional questions or concerns, contact us at myplansmartDEMO2@ey.com or email global.data.protection@ey.com.