Last updated: 03/24/2020
1. Introduction
This Privacy Notice is intended to describe the practices EY follows in relation to the Blacklane for Business Website and Blacklane Guest Mobile App (the “App”) (collectively “Service”) with respect to the privacy of all individuals whose personal data is processed and stored in the Service. This Privacy Notice should be read together with the ey.com Privacy Statement, and in case of any conflict with the ey.com Privacy Statement, the terms of this Privacy Notice will prevail. Please read this Privacy Notice carefully.
2. Who manages the Tool?
“EY” refers to one or more of the member firms of Ernst & Young Global Limited (“EYG”), each of which is a separate legal entity and can determine the purposes and means for data processing in its own right (i.e. act as a data controller or in a similar capacity) . The entity that is acting as data controller (or similar capacity) by providing this Service on which your personal data will be processed and stored is EY Global Services Limited. EY Global Services Limited licenses the Service from Blacklane GmbH Feurigstrasse 59 10827 Berlin Germany. Blacklane is an independent data controller for personal data collected by or shared with the Service and is responsible for providing an appropriate privacy notice to users of the Service who register with Blacklane.
The personal data in the Tool is shared by EY Global Services Limited with one or more member firms of EYG (see “Who can access your personal data” section 6 below).
The Service is hosted on AWS servers in Frankfurt, Germany.
3. Why do we need your personal data?
The Service is a Chauffeur request portal to connect EY Partners and employees, EY clients and third parties (“Users”) to professional Chauffeurs through a mobile app, website and hotline.
Your personal data processed in the Tool is used as follows:
The Service uses EY Single Sign On (“SSO”) for login and authentication of EY Users. Once the EY Users login to the Service using their EY SSO credentials they setup a profile with the Service.
First name, last name, email address and mobile phone number are used in order to be able to send notifications about the booking and the ride execution. The phone number is used in order to be able to send notification via SMS and to contact the Traveler if needed. If a Booker or Traveler enters a credit card to be used as a payment option, the information entered is stored with Blacklane’s third-party payment gateway. The Service only retains last 4 digits of the credit card number which is accessed by Bookers. Tokenized credit card data is used for payment purposes.
The User data will be used by Service for the personalized fulfillment of the framework agreement after registration (creation, storage, administration and support of User account), for fulfilling the ride request. The Traveler data is made available to Chauffeurs so that the Traveler and Chauffeur can contact each other an hour before or when the ride is in progress. The payment data collected is stored via a payment service provider and transferred to the intermediary financial service provider or bank.
The EY Admin role can access ride overview and ride history (e.g. average miles, average distance available in an aggregate report through consolidated numbers). EY Admins also have access to User overview with contact information of all Users. EY will indicate 3-5 EY Partners and employees by region to act as EY Admins for the Service within the region. The EY Admins will only have access to ride data for that region.
The ride data including ride request details (pick up/drop off location, duration, date and time), payment information (last four digits of the tokenized payment card) is reported back to EY by Blacklane. All data except the ride history data and invoice data, provided by Blacklane to EY is in an aggregate report form through consolidated numbers.
Ride data including ride request details (pick up/drop off location, duration, date and time), payment information (last four digits of the tokenized payment card) is provided to EY by Blacklane for EY to access business-related trip information for expense reimbursement, as well as deep-dive reporting, expensing, and control features for EY.
The App uses the location tracking feature on User’s devices to determine where to pick up a Traveler and to ascertain the drop-off location. The Users can turn off their location setting on their device and the location tracking will not be enabled for booking rides on the App.
Users can enable push notifications on their device and will receive notifications from the Service.
The Users can only contact the Chauffeurs 1 hour prior to the ride. Contact details of the Chauffeur will be sent via SMS directly to the Travelers’ mobile phone.
The Travelers can contact and exchange messages with Service personnel (Customer Service and/or Key Account Manager) using a live chat box on the App and website (for Bookers requesting support on behalf of the Travelers) and Facebook Messenger. Users login to their own Facebook accounts and contact the Service via the Blacklane page on Facebook, like they would contact any business via Facebook. Users do not use their EY credentials to log into Facebook to contact the Service.
The live chat feature on the App and website (powered by Intercom) also enables Users to connect with Service personnel and Chauffeurs. Blacklane personnel access these messages on a need to know basis. Blacklane engineers (on-call) may access these messages for live debugging and further development.
Bookers and Travelers can use the website to book rides for any third party guest and the third-party guest information will be processed for that ride the same as any other Traveler. Third party booking is only available through the website and the Android App. The User who books for a third party guest acknowledges the Service Terms and Condition and Privacy Policy on behalf of the third party guest upon making a booking. It is the Bookers responsibility to ensure that the Traveler is informed accordingly. The guest can, however, access and also request their information to be deleted by contacting Blacklane.
Third party guest data will be visible to Bookers that booked the ride, as well as the EY Admin of the account for the region.
EY relies on the following basis to legitimize the processing of your personal data in the Tool:
Processing is necessary for the purposes of the legitimate interests pursued by the data controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
Processing of your personal data is necessary for the purposes of the legitimate interests pursued by the data controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. The specific legitimate interest(s) are
- Conducting client engagements
- Quality & Risk Management, including complying with EY policies
- Safety and security of individuals, premises and IT networks.
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you based on the above legitimate interest(s).
4. What type of personal data is processed in the Tool?
The Service processes these personal data categories:
- Salutation (Mr., Mrs, Mx., etc)
- First and Last Name
- Email address
- Country
- Mobile Number
- Password
- Company Name
- Contact Address
- Ride request details (ride type-one way/roundtrip, pick up/drop off location, duration, date and time)
- Payment information (tokenized credit card data)
- Pick up sign
- Special requests
- Reference code or cost centre
- Service Class (Business class/ First Class/VAN/Green class)
- Flight number
- Traveler Satisfaction Rating
The Service also collects following information about the Users:
Website:
- IP address
- Status code
- Blacklane websites visited
- Date and time of the server request
- Browser type and version
- Referrer (website visited beforehand)
- Files transferred
- Data volume
- Device name
App:
- Device Name
- Device manufacturer
- Model
- Operating System
- App or SDK version, mode
The Service also uses cookies, pixels or similar technologies (e.g. by means of tags, web beacons or gifs). These are small files which are stored on the User’s end device.
When visiting the Website, Blacklane will set the required cookies, which are technically necessary, to improve the functionality or make the use of Blacklane services more user-friendly (e.g. language, login status). Blacklane also uses its own cookies, as far as possible in a pseudonymized or anonymized form, in order to analyse and improve the usage of Blacklane services, to detect and remedy interruptions and technical or process-related problems and to prevent illegal usage of Blacklane services (e.g. fraudulent booking, cyberattacks).
Additionally, Blacklane uses its own cookies, pixels or similar technologies or those from advertising partners (e.g. search engine providers, advertising networks or distribution partners) in order to improve Blacklane services or to measure, evaluate, design and improve advertising measures. Blacklane uses different analysis tools in this regard. The evaluation is carried out in a pseudonymized or anonymized form as far as is possible.
This data is sourced from:
- Provided directly by EY Partners, employees or contractors
EY Users will login to the Service using EY’s SSO. After providing the username in the login page, EY Users will be directed to the EY login page to insert their EY password and upon successful authentication, be redirected again to Service homepage. The synchronisation between Service and EY will be automatically maintained via the implemented integration. The EY Users will then fill in the information to setup a profile with the Service.
- A feed from other EY systems-GHRDB (for SSO credentials)
- Provided by other parties:
Invoice data and data about Users’ ride history is collected and reported by the Service.
- Information about third party guests is entered by EY Users at the time of requesting a ride.
5. Sensitive personal data
Sensitive personal data reveals your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health or data concerning sex life or sexual orientation.
EY does not intentionally collect any sensitive personal data from you via the Tool. The Tool’s intention is not to process such information.
6. Who can access your personal data?
Your personal data is accessed in the Tool by the following persons/teams:
| USER GROUP | LOCATION | PURPOSE | ACCESS | APPROXIMATE NUMBER OF USERS |
|---|---|---|---|---|
| EY Admins | Global (regional admins for each region across the globe). | Real time administration and report download for all rides in that account/region; Possibility to view, edit or cancel any ride in the dedicated EY account; | Read/Edit/Delete. Can book, view, edit & cancel rides for all employees of corporate account; can add or invite Travelers to join the corporate account, cannot assign Bookers to Travelers. | Up to 5 |
| Bookers | (EY Partners and employees) | Global (bookers can be assigned at an office level). | Real time management of rides for preselected Travelers Read/Edit/Delete assigned Travelers. Can book, view, edit & cancel rides for assigned Travelers and for the rides the Bookers booked for the assigned Travelers; Can add employees or invite Travelers to join the corporate account | Depends on need. |
| Travelers (except EY clients and third-party guests)* | Global | Request rides for themselves and others (EY clients, other third parties) | Read only access to their information | Depends on need |
| EY Global Travel Meetings and Events Team | Global | To administer the program | Read-Write access | Depends on need |
| Blacklane Personnel | (Service Control, Account Management, IT and Engineers, Finance team) | Global (including Berlin HQ, Brisbane, Dubai, Singapore, Los Angeles & New York) | Provide the Service and deal with any incidents, provide customer service Can add, remove Users with the dedicated email domain address. Book, edit and cancel rides. Define roles of Admin/Booker/Traveler and tie specific Bookers to Travelers as requested by EY | Depends on need |
| Blacklane Payment Vendor | United States | To facilitate payment for rides | Read only | Depends on need |
| Blacklane Chauffeur | Global | To fulfil the ride request and contact Travelers as needed when providing rides | Read only | Depends on need |
Blacklane's Corporate Key Account Manager will be EY’s dedicated point of contact and will assist with all account-related topics and management including quarterly business reviews and reporting capabilities. On a day-to-day basis, EY Global Travel Meetings and Events Team will deal with any urgent matters.
The access rights detailed above involves transferring personal data in various jurisdictions (including jurisdictions outside the European Union) in which EY operates (EY office locations are listed at www.ey.com/ourlocations). An overview of EY network entities providing services to external clients is accessible here (See Section 1 (About EY) - “View a list of EY member firms and affiliates”). EY will process your personal data in the Tool in accordance with applicable law and professional regulations in your jurisdiction. Transfers of personal data within the EY network are governed by EY’s Binding Corporate Rules.
We transfer or disclose the personal data we collect to third-party service providers (and their subsidiaries and affiliates) who are engaged by us to support our internal ancillary processes. For example, we engage service providers to provide, run and support our IT infrastructure (such as identity management, hosting, data analysis, back-up, security and cloud storage services) and for the storage and secure disposal of our hard copy files. It is our policy to only use third-party service providers that are bound to maintain appropriate levels of data protection, security and confidentiality, and that comply with any applicable legal requirements for transferring personal data outside the jurisdiction in which it was originally collected.
To the extent that personal data has been rendered anonymous in such a way that you or your device are no longer reasonably identifiable, such information will be treated as non-personal data and the terms of this Privacy Notice will not apply.
For data collected in the European Economic Area (EEA) or which relates to individuals in the EEA, EY requires an appropriate transfer mechanism as necessary to comply with applicable law. The transfer of personal data from the Tool to Blacklane is governed by an agreement between EY and Blacklane that includes standard data protection clauses adopted by the European Commission.
7. Data retention
Our policy is to retain personal data only for as long as it is needed for the purposes described in the section “Why do we need your personal data”. Retention periods vary in different jurisdictions and are set in accordance with local regulatory and professional retention requirements.
In order to meet our professional and legal requirements, to establish, exercise or defend our legal rights and for archiving and historical purposes, we need to retain information for significant periods of time.
The policies and/or procedures for the retention of personal data in the Tool are:
The total retention period is not yet defined.
After the end of the data retention period, your personal data will be deleted.
8. Security
EY protects the confidentiality and security of information it obtains in the course of its business. Access to such information is limited, and policies and procedures are in place that are designed to safeguard the information from loss, misuse and improper disclosure. Additional information regarding our approach to data protection and information security is available in our Protecting your data brochure.
9. Controlling your personal data
EY will not transfer your personal data to third parties (other than any external parties referred to in section 6 above) unless we have your permission or are required by law to do so.
You are legally entitled to request details of EY’s personal data about you.
To confirm whether your personal data is processed in the Tool or to access your personal data in the Tool or (where applicable) to withdraw your consent, contact your usual EY representative or email your request to global.data.protection@ey.com.
10. Object, rectification, erasure, restriction of processing or data portability
You can confirm your personal data is accurate and current. You can object to the processing of your personal data or request rectification, erasure, restriction of processing or a readily portable copy of your personal data by contacting your usual EY representative or by sending an e-mail to global.data.protection@ey.com.
11. Complaints
If you are concerned about an alleged breach of privacy law or any other regulation, contact EY’s Global Privacy Leader, Office of the General Counsel, 6 More London Place, London, SE1 2DA, United Kingdom or via email at global.data.protection@ey.com or via your usual EY representative. An EY Privacy Leader will investigate your complaint and provide information about how it will be handled and resolved.
If you are not satisfied with how EY resolved your complaint, you have the right to complain to your country’s data protection authority. You can also refer the matter to a court of competent jurisdiction.
Certain EY member firms in countries outside the European Union (EU) have appointed a representative in the EU to act on their behalf if, and when, they undertake data processing activities to which the EU General Data Protection Regulation (GDPR) applies. Further information and the contact details of these representatives are available here.
12. Contact us
If you have additional questions or concerns, contact your usual EY representative or email global.data.protection@ey.com.