EY Strategy and Consulting Co., Ltd.
Privacy policy

1. Overview
 Processing of personal data by EY Japan member firms

This Privacy policy explains how EY Strategy and Consulting Co., Ltd. (“EYSC”) and the other EY Japan member firms collect and use your personal data and describes the rights you have with respect to your personal data.

EY Strategy and Consulting Co., Ltd. (“EYSC”) is a member of the global organization of member firms of Ernst & Young Global Limited (“EY Global”), each of which is a separate legal entity. In this Privacy policy, “EY,” refers to the global organization of member firms of Ernst & Young Global Limited, or to one or more of those member firms, including EYSC. References to “we”,“our”, or “us” in this policy refers to EYSC or EY as the case requires.

EYSC and the other EY member firms in Japan process personal data for a variety of purposes. We process personal data in compliance with the requirements of the Act on the Protection of Personal Information of Japan (“APPI”) and other applicable laws and regulations, and take appropriate steps so that personal data is appropriately protected.

2. Our privacy policies

(1) This Privacy policy 

This Privacy policy explains how EYSC processes your personal data. It also provides information about the sharing and joint use of your personal data with other EY member firms and the provision of personal data by EYSC to third parties such as our service providers.

(2) EY’s Global Privacy Statement

The member firms of EY Global process personal information for various purposes.

EY Global provides a Global Privacy Statement to explain how member firms of the EY Global network process personal information, as well as global standards of handling personal data by the member firms generally and in specific service lines, so that each EY member firm can protect personal data in accordance with applicable laws and regulations.

EYSC and the other EY member firms in Japan process personal data consistently with the information provided in the EY Global Privacy Statement and within the scope permitted under the Act on the Protection of Personal Information of Japan (APPI) and other applicable laws and regulations.

(3) Other specific privacy statements

Each EY member firm in Japan may ask you for your consent to process your personal data in separate privacy statements, with regard to the particular services that it offers (“other specific privacy statements”). EY member firms in Japan also comply with these other specific privacy statements.

(4) Browsing and using EY websites

Details of how EY websites collect and process your personal data, as well as the Cookie policy, can be found here.

3. Collecting and using personal data

(1) Each member firm of EY Japan collects and processes personal data in relation to the services that it offers. Personal data includes:

a) information from which an individual can be identified (including name, age, gender, titles, contact information, and address)
b) information that is needed to provide and perform its services, that is given by you, or by other individuals and entities.

(2) Please refer to the EY Global Privacy Statement and other specific privacy statements for more details of the categories of information processed for individual services.

4. Purposes of processing personal data

(1) Purposes

EYSC collects and process personal data for the following purposes:

a) To appropriately provide and perform related professional services
b) To respond to inquiries and requests
c) To provide information on our services, seminars and publications etc.
d) To comply with legal and regulatory obligations
e) To use IT, document management and archiving, and business operation tools and applications, in connection with performing services; for security, and business continuity/disaster recovery purposes
f) To conduct analysis, research and development, recommendations related to services that are provided and improvements of such services

(2) For specific purposes related to services offered by EY, please refer to the EY Global Privacy Statement and other specific privacy statements.

5. Use and transfer of personal data

EYSC will not use personal data for any purpose other than the stated purposes of processing, nor provide them to a third party, unless disclosure is required or requested by law or where there is a legitimate reason as permitted by applicable laws and regulations.

6. Security

EYSC protects the confidentiality and security of personal data that are processed in the course of its business. We will treat personal data safely under strict management based on applicable laws and our related policies for security protection and management of personal data.

7. Support providers

EYSC, other EY member firms in Japan and EY Global network member firms outsource the processing of personal data to other member firms of the EY Global network or to our external support providers. For example, we engage our support providers in the following areas including but not limited to:

a) General office support including printing, document production and management, archiving, and translation services;
b) Accounting, finance and billing support;
c) IT functions including system management and security, data storage, business applications, and duplication of systems for business continuity/disaster recovery purposes;
d) Conflict checking, risk management and quality reviews; and
e) Business analysis, research and development, service improvements.

When EYSC outsources processing of personal information to our external support providers, EYSC will appropriately contract with them and conduct necessary and appropriate supervision in order to maintain safe management of the processing of personal data.

8. Joint use of personal data

EYSC, other EY member firms in Japan and member firms of the EY Global network (collectively, “Network Member Firms”) may jointly use and share personal data to the extent needed to carry out our business operations.

(1) Items of personal data to be jointly used

Network Member Firms may jointly use and share personal data to the extent needed for services and purposes including but not limited to:

a) Information about personal attributes (name, address, date of birth, the company you work for, title, telephone number, other contact information, other attribute information related to provided services, etc.)
b) Information necessary for the provision of services (type and content of provided services, materials required to perform services, communication records, service needs, etc.)
c) Information necessary for determination and management of the provision of services (service usage, transaction status, relationships with related parties, etc.)
d) Information necessary for responding to your inquiries and applications (content of inquiries, records of responses, other attributes and related information of services required for responses, etc.)
e) Personal data items listed in each category of the EY Global Privacy Statement

(2) Purposes of joint use and sharing of personal data include the following:

a) To perform related services provided by Network Member Firms
b) To respond to your inquiries and requests
c) To provide information on the services, seminars, and publications of Network Member Firms
d) To enable Network Member Firms to comply with applicable laws and regulations
e) To perform internal management controls including conflict checks, risk management and quality controls
f) To perform operation of services or use supporting services, such as for: IT; document production, management, and archiving; use of business operation tools and applications; security; and systems for business continuity/disaster recovery purposes
g) To conduct analysis, research and development, recommendations in relation to services of Network Member Firms, as well as to improve their provision of services
h) For the purposes described in the EY Global Privacy Statement

The Network Member Firms that may share and jointly use personal data are member firms of the EY Global network and can be found here

The person and entity in charge of managing joint use of personal data is set out below:

Representative Director and President Akira Kondo
EY Strategy and Consulting Co., Ltd.
Address: Tokyo Midtown Hibiya, Hibiya Mitsui Tower,
1-1-2 Yurakucho, Chiyoda-ku, Tokyo

9. Transfer of personal data to outside countries

EY Global Network Member Firms operate in more than 150 countries across the globe. Therefore, your personal data may be transferred to and stored outside the country in which you are located. Please refer to the following for further information on the entities and their locations.

Location of EY offices

Please also refer to the "Transfers of personal data" and "Support providers" section in the EY Global Privacy Statement regarding the transfer of personal data to outside countries.

10. EY’s Binding Corporate Rules

EY has established a Data Protection Binding Corporate Rules Program (BCR) to comply with European data protection law and other applicable laws and regulations. EYSC, members of EY Japan firms and EY Network Member Firms comply with the BCRs for the protection of personal data.

11. Disclosure and correction of personal data

In accordance with the Act on Protection of Personal Information of Japan (APPI) and other applicable laws and regulations, EYSC will disclose at your request the personal data that we hold about you according to the applicable procedures. If you inform us that your personal data is inaccurate, we will review and correct, add or delete the data as required in accordance with applicable laws, regulations and procedures.

12. Inquiries

If you have an inquiry, complaint or a request such as for the disclosure or rectification of your personal data which is processed by us, please contact:

Contact information:
EY Strategy and Consulting Co., Ltd.
Tokyo Midtown Hibiya, Hibiya Mitsui Tower,
1-1-2 Yurakucho, Chiyoda-ku, Tokyo 100-0006.
TEL: 03 3503 3500

E-mail