Privacy Notice – EY IR35 Confirm tool

  1. Introduction

    2. This Privacy Notice is intended to describe the practices EY follows in relation to the EY IR35 Confirm tool (“Tool”) with respect to the privacy of all individuals whose personal data is processed and stored in the Tool.

  2. Who manages IR35 Confirm?

    3. “EY” refers to one or more of the member firms of Ernst & Young Global Limited (“EYG”), each of which is a separate legal entity and can act as a data controller in its own right. The entity that is acting as data controller by providing IR35 Confirm on which your personal data will be processed and stored is Ernst & Young LLP.

    The personal data you provide in EY IR35 Confirm is shared by Ernst & Young LLP with one or more member firms of EYG (see “Who can access your information” section below).

    The Tool is hosted on servers in EY Managed Azure, UK South Datacenter.

  3. Why do we need your information?

    4. The Tool is used to help evaluate the likelihood of a PAYE and NIC withholding obligation arising in respect of contractors following the introduction of the “off payroll working” legislation to be introduced in April 2020.

    Your personal data processed in the Tool is used as follows:

    • To evaluate the likelihood of the role in question being caught by the legislation

    • To provide management insight

    EY relies on the following basis to legitimise the processing of your personal data in the Tool:

    • Legitimate interests

  4. What type of personal data is processed in the Tool?

    5. The Tool processes the following personal data categories:

    • First name

    • Last name

    • Email address

    • Job description and compensation information

    This data is sourced directly from you and from your engager.

  5. Sensitive Personal Data

    6. Sensitive personal data reveals your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health or data concerning sex life or sexual orientation.

    EY does not intentionally collect any sensitive personal data from you via the Tool. There is no intention to process such information.

  6. Who can access your information?

    7. Your personal data is accessed in the Tool by the following persons/teams:

    RoleNumber of rolesLocation
    EY Client Engagement Employment Tax Team1-10 individualsUK & India
    EY Technology support team1-5 individualsIndia
    Corporate Employment Tax team1-5 usersUK

    The access rights detailed above involves transferring personal data in various jurisdictions (including jurisdictions outside the European Union) in which EY operates (EY office locations are listed at http://www.ey.com/ourlocations). EY will process your personal data in the Tool in accordance with applicable law and professional regulations in your jurisdiction. Transfers of personal data within the EY network are governed by EY’s Binding Corporate Rules (https://www.ey.com/bcr).

  7. Data retention

    8. In relation to the retention of personal data in the Tool personal data is automatically deleted after 6 years.

    Your personal data will be retained in compliance with privacy laws and regulations.

    After the end of the data retention period or when the purpose for processing (see question 3 above) is complete, your personal data will be deleted.

  8. Security

    9. EY is committed to making sure your personal data is secure. To prevent unauthorized access or disclosure, EY has technical and organizational measures to safeguard and secure your personal data. All EY personnel and third parties EY engages to process your personal data are obliged to respect your data’s confidentiality.

  9. Controlling your personal data

    10. EY will not transfer your personal data to third parties (other than any external parties referred to in section 6 above) unless we have your permission or are required by law to do so.

    You are legally entitled to request details of EY’s personal data about you.

    To confirm whether your personal data is processed in the Tool or to access your personal data, contact your usual EY representative or email your request to global.data.protection@ey.com.

  10. Rectification, erasure, restriction of processing or data portability

    11. You can confirm your personal data is accurate and current. You can request rectification, erasure, restriction of processing or a readily portable copy of your personal data by contacting your usual EY representative or by sending an e-mail to global.data.protection@ey.com.

  11. Complaints

    12. If you are concerned about an alleged breach of privacy law or any other regulation, contact EY’s Global Privacy Officer, Office of the General Counsel, 6 More London Place, London, SE1 2DA, United Kingdom or via email at global.data.protection@ey.com or via your usual EY representative. An EY Privacy Officer will investigate your complaint and provide information about how it will be handled and resolved.

  12. Contact us

    13. If you have additional questions or concerns, contact your usual EY representative or email global.data.protection@ey.com.

    © 2024 Ernst & Young LLP. IR35 Confirm is proprietary and confidential. All rights reserved Cookies and privacy

    This site uses cookies to provide you with a personalised browsing experience. By using this site you agree to our use of cookies as explained in our Cookie Policy. Please read our Cookie Policy for more information on how we use cookies.