Global Data Protection Employee Notice EY Data Protection Notice Ettective dal 28 How We Use Your Personal Information Introduction ‘This Notice is a statement of how the EY entities in india ("the firm”, "us" and *we") use the personal Information relating to its partners, employees, temporary and contract staf! ("you" and "your"). EY Fefers to the global organization, and may refer to one or more, of the member firms of Ernst & ‘Young Global Limited, each of which is a separate legal entity. This Notice supplements EY's global and local data protection policies which set out the principles that apply to the use of personal information throughout EY. The Policies and this Notice refer to all Processing of your personal information. ‘This Notice Is Intended to help you understand why and how we may use your information. The lists and examples below are illustrative, non-exhaustive and not fully representative for every individual within EY. This Notice may be supplemented by additional notices, policies or guidance ("Additional Policies"). Wherever such Additional Policies are in any respect inconsistent with this Notice, this Notice shall onty apply to the extent that itis consistent, or may be made consistent, with that ‘Additional Policy. ‘The Type of Personal Information We May Hold About You “Personal information* means information about you, and {rom which you could be identified, Inciuding information which may be protected under applicable privacy or data protection laws, EY collects, uses or otherwise processes different types of personal information about you, depending ‘on your circumstances, your role and the law, which may Include: Information about you: Name, address. date of birth, marital status, nationality, race, gender, religion, and prelerred language, details of any disabilities work restrictions and/or required ‘accommodations. Information to contact you at work or home: lame, addres Hephone ond email address. Information about who to contact in case o! ‘an emergency (yours or ours): Name, address, telephone, email address and the'r relationship to you,'nformation to identity you: Photographs, passport and/or driving license etalls, electronic signatures. Information about your suitability to work for us and/or EY’s clients: " Reterences, interview notes, work visas ID information such as passport details and driving license information. records/results pre-employment checks, Including criminal record checks, credit and fraud checks. Information about your skills and experienc CVs, resumes and/or application forms, references, records of qualifications, skills, training and other compliance requirements. Information about your terms of et informa ployment Letters of offer and acceptance of employment, your employment contract, location, billing and subscription information. Information that we need to pay you: Bank account details, national insurance or social security numbers (where applicabl salary and benefits, expense allowance: Information that we need to provide you with benefits and other entitlements: Length of service information, health information, leave requests. Information relating to your work travel expenses: Bank account details, passport, driving license, vehicle registration and insurance details. Information relating to your pension entitlements Pensionable salary, pension ba: pension accrual, pension benefits annual Information to allow you to access our buildings and syster Global People Number (GPN), computer or facilities access and authentication Information, Identification codes, passwords, ‘answers to security questions, photographs, ‘video images Cincluding those captured via cctv), Information work: ting to your performance at Information relating to sickness and absence management Performance assessments and ratings, leadership ratings, financial interests, directorships, targets, objectives, records of performance reviews, development records and/or notes of one to ones and other ‘meetings, personal development plans, training recommended and completed, personal improvement plans, secondments, correspondence, reports, Absence and time-keeping records, start and ‘end date of reporting in sick, sick certificates, percentage of sickness and absence per&(D 30f9 Buliding a vertigo” ‘employee, address where an employee Is Deing treated (when different than home Informatic ION relating to discipline, gri 2d ether employment rsa rm htenieineeing notes or recordings, ] Infor : | mation required to ensure your Financial interests including publicly avaliable Independence and the independence of EY debt, equity securities, tradeable financial notes {ssued by banks, mutual funds, hedge funds, ‘money market funds, unit investment trusts 2nd other investment vehicles of EY employees, thelr spouse (or spousal equivalent» and/or financial dependents. Financial interests held through a tinanclal product or investment agreement, owned by EY employees their spouse (or spousal equivalent) and financial dependents such as unceriving publicly avallable securities related to: () Insurance policy investments; id retirement investments; (Gi) investment club investments; () investments Included in trusts; and (¥) tiscretionary accounts managed by others. Other financlal relationships such as loans, brokerage relationships, deposits, insurance Information, Information on family members’ ‘employment relationships. Brokers/investment accounts, deposits, credit cards, other loans, ‘eal estate interests, Insurance policies, ‘employer sponsored retirement savings plans, non-pubile Investments | ‘Your personal information will be collected by EY during the recruitment process; at the beginning of the employment relationship and throughout the course of your relationship withthe firm. To the ‘extent that EY processes personal information about the person you list as your emergency contact, ‘you confirm that you have notified that person that he/she is listed with EY as your emergency contact and, if necessary, provide him/her with a copy of this Notice, What Your Personal Information Is Used For EY will process your personal Information where such processing Is: (D reasonably necessary for the performance of your employment contract; i) reasonably necessary for compliance with a legal tbligation to which EY fs subject ‘for example, within the fet cf employment or i's within EY's Tegitimate business interests as your employe, principally forthe purposes Isted below. The collection of this personal information by EY Is usually mandatory and Itt Is not provided, EY willbe Gable to satisty its legal obligations or perform its role as your employer. Where the collection of ny personal information is not mandatory, EY wil inform you of this prio collection, as well as the implications of faling to provide this personal information. The firm uses your personal information fora variety of purposes Including but not exclusively: 3Recruitment: to work for EY: To assess your suitably t applicant management To perform requisition ans activities: To perform preciion matching toed vacancies Toconduct screening, assessments and interviews: ‘Te maintain aibrary of correspondence; ‘To mate offers and provide contracts ‘of employment: and iployment checks, including sr epaightto work and carving out Stortes Kor IRS in the USA); authorities: crime prevention and detection authorities; of our HR, IT and other viders: we use third parties to provide services for some sre share such information when the third Party Nas & legitimate business reasor > Service pr activities. We SShave the information to provide that service te or EY will only disclose your to tymatign fo third parties that have agreed in venting to provide an adequate level of protection: rexsional bodies have powers to request information ror vmavor to assist such bodies in their enquiries but will > Regulators: various regulatory and prot pected as far as possible; Us about our staff and the firm. We will sie seek fo have the rights and privacy of our stat resi > other EY firms: as the member of a global network, we may share information with other EY ote eis. Ail €Y entitles are require to comply withthe Global Personal Data Privacy Paicy and Contigentiaity Global Policy which requtre that information relating to our staff will be treated as confidential and securely protected; > Existing and prospective clients; >Other staff within your country and the global EY networ} ex sat wit oe k to facilitate operation of systems and mortgage providers, prospective employers. > Other third parties subject to your consent |‘Security and Integrity of Personal EY nals sq Information ‘Safeguard the cor accidental or unt misuse, ang ate administrative, technical andor ep tigen ganizational measures designed to ently nding ot ployee personal intarmalon ant protect agaist separ struction, accidental iss, unautharized aration, closure of acess, adherence with ¢ let unlawful form of processing ofthe personal information in its possession. In anorprne Ct8otcton as and internal EY poles, E adresses ecu at all fe technology infrastructure points. EY trains employees; egerding its data privacy policies and procedures and permits authorized rns to access employee personal information on a need to know basis, as required for their International Transfers of Personal information European data protection law prohibits the transfer of personal information outside the European Economic Area ("EEA") ness speciic requirements are met forthe protection of that personal Information. We will only carry out such transfers where we are confident that the level of protection applies to your Information wil be similar as it it had remained within the EEA. As far as {his applies to you, EV has put in place Binding Corporate Rules to protect transfers of personal Information within the global EY network. A copy of our Binding Corporate Rules is avallable publicly here, For transfers outside of the network, such as to our service providers, we enter ito ‘mode! Clause’ data transfer agreements or rely on some other approved data transfer method to ensure adequacy. ‘Tne following are examples of where and how your information may be transferred, but please note this [snot an exhaustive fist and that due to ongoing changes in our IT and operational infrastructure ‘this may change at any time: > Tothe United States where the servers for some of our global systems are housed, for example GFIS, EYLeads, GM’ ‘To the GDS centers in Poland, India, China, Argentina and the Pil THR ane tax processing is undertaken: ines where some of our IT, To all EY firms outsige the EEA with whom we share information from global systems for work related purposes, suchas Global HR System, Canvas and PACE: ‘Tonon-EEA regulatory bodies, such as the PCAOB, to enable them to assess our compliance with thelr regulations; ‘To other EY firms outsie the EEA to promote integration o systems and appropriate use of resources; ‘To external service providers who may support our I or operational infrastructure. Any such service providers are bound by contractual terms requiring them to process our data with 2 similar level of care and securlty as though they were inthe EEA. How Long We Keep Your Information, Y wil hold your information in tine wit ts data retention policies. ana applicable iaw. We wil retain your personal information for nly as long as appropriate to full the purposes for which EY Collectes that personal information, unless the law permis or requires that EY retains i for longerts to (Wor example for the purpose of administrating ey benefit pension). Your Rights / Subject to applicable local law, you may have ‘the right to: tion > Request access toand obtain a copy af your persona! Iinformat +> Have your personal information amended it's inaccura > Request to have your personal information erased formation of ask » incer sa dveumsancs, srt or object toes pressing your persona for it to be sent to another employer; yng machine Request to recelve your personal information in a structured, ‘commonly used 2! readable format. For mote information about your rights and how fo exercise them, please contact YOU {ecal/Regional privacy contact ‘Sensitive Personal Information ‘some types of information are classified as ‘sensitive 1 for the purposes of European data protection law and there are additional restrictions on how we may use and hold this Information. Sensitive personal information is information that relates to a person's: > Racial and ethnic origin: > Religious, political or philosophical beliefs; > Trade union membership: > Physical or mental health; > Sexual life or orientation; > Genetic or biometric data; > Alleged or actual criminal convictions and proceedings. Generally it ts necessary to obtain your consent before we can hold and use such Information. However, we may hold and use such information without consent for limited statutory purposes such {45 monitoring compliance with our equal opportunities policies and health and safety rules, of if necessary to protect your vital interests. for legal claims, or in the public interest. In any case, we will make clear the purpeses for which we wish to use your sensitive information when it is being collected, and, If necessary, obtain your consent at that time, In such cases, you will ‘de able to withdraw your consent at any time,Contact us For the purposes of Eur Isthe data ‘opean data protect the EY entity that employs you Is gentle of your personal ilomaton: if younwe any questions or compat about Ns Nols oF how we use your personal information, ‘please speak to your local data protection contact. "You are unsatistied with the response you can contact EY's global data protection officer at ‘Gobal.data.protectiondey.com. For those in the EEA, you also have the right to compiain to your local supervisory authority. Updates to this Notice This Notice may be updated perlodically and without prior notice to reflect changes in EY's privacy practices. EY willtet you know about any significant changes to this Notice and will indicate at the top of the Notice when it was most recently updated. Name: Colrate Pescara Date of Joining: Q7/2)2023 Reber Signatur