At Telesign privacy is embedded in everything we do in service to our Customers and taken very seriously by all Telesign employees.
Telesign has in place a comprehensive data privacy program which encompasses global laws and regulations including the California Consumer Privacy Act (“CCPA”), EU General Data Protection Regulation (“GDPR”), Brazilian Lei General de Protecao de Dados (“LGPD”), Serbian Zakon o zaštiti podata oličnosti (“ZZPL”), Chinese Personal Information Protection Law (“PIPL”), Singaporean Personal Data Protection Act (“PDPA”), and Canadian Personal Information Protection and Electronic Documents Act (“PIPEDA”). Our data privacy program is aligned with the key principles of data protection - lawfulness, fairness, and transparency; purpose limitation; data minimization; accuracy; storage limitation; integrity and confidentiality; and accountability.
Telesign processes Personal Data to deliver our products and services to our customers. Principles of data minimization and storage limitation (data retention) are closely linked and honored throughout the whole data lifecycle at Telesign. In the delivery of our products and services, we only use Personal Data for Customer approved purposes or legitimate interests such as fraud prevention, based on applicable data protection laws.
All Personal Data is kept in accordance with Telesign’s Data Retention Policy. Additionally, Telesign regularly reviews all Personal Data in its possession to determine whether it is still needed and whether earlier deletion or pseudonymization may be appropriate in the circumstances.
Our Data Retention Policy mandates that as a general rule, all Personal Data provided to us by our Customers (‘Customer Personal Data') be deleted after 90 days or returned to the Customer, upon written request (as agreed contractually).
Telesign are also legally required to keep certain types of Personal Data to fulfill our legal and statutory obligations.
We will keep Personal Data in our systems for as long as is necessary to provide the services our Customer has contracted for (as per our Data Retention Policy), and thereafter for a variety of legitimate legal or business purposes. These might include purposes:
When the retention of Personal Data is no longer necessary for the defined purposes, the information will be either: