Data retention

Introduction

At Telesign privacy is embedded in everything we do in service to our Customers and taken very seriously by all Telesign employees.  

Telesign has in place a comprehensive data privacy program which encompasses global laws and regulations including the California Consumer Privacy Act (“CCPA”), EU General Data Protection Regulation (“GDPR”), Brazilian Lei General de Protecao de Dados (“LGPD”), Serbian Zakon o zaštiti podata oličnosti (“ZZPL”), Chinese Personal Information Protection Law (“PIPL”), Singaporean Personal Data Protection Act (“PDPA”), and Canadian Personal Information Protection and Electronic Documents Act (“PIPEDA”). Our data privacy program is aligned with the key principles of data protection - lawfulness, fairness, and transparency; purpose limitation; data minimization; accuracy; storage limitation; integrity and confidentiality; and accountability.   

Data Retention at Telesign 

Telesign processes Personal Data to deliver our products and services to our customers. Principles of data minimization and storage limitation (data retention) are closely linked and honored throughout the whole data lifecycle at Telesign. In the delivery of our products and services, we only use Personal Data for Customer approved purposes or legitimate interests such as fraud prevention, based on applicable data protection laws.‍

Our Policy 

All Personal Data is kept in accordance with Telesign’s Data Retention Policy. Additionally, Telesign regularly reviews all Personal Data in its possession to determine whether it is still needed and whether earlier deletion or pseudonymization may be appropriate in the circumstances. 

Our Data Retention Policy mandates that as a general rule, all Personal Data provided to us by our Customers (‘Customer Personal Data') be deleted after 90 days or returned to the Customer, upon written request (as agreed contractually).  

Telesign are also legally required to keep certain types of Personal Data to fulfill our legal and statutory obligations. 

We will keep Personal Data in our systems for as long as is necessary to provide the services our Customer has contracted for (as per our Data Retention Policy), and thereafter for a variety of legitimate legal or business purposes. These might include purposes: 

• mandated by law, contract or similar obligations applicable to our business operations; 
  
• for preserving, resolving (customer support), defending or enforcing our legal/contractual rights; or 
  
• needed to maintain adequate and accurate business and financial records. 
  ‍

‍Deletion  

When the retention of Personal Data is no longer necessary for the defined purposes, the information will be either: 

• destroyed in a manner sufficient to prevent unauthorized access to that information; or  
  
• be de-identified in a manner sufficient to make the data no longer personally identifiable, and thus not subject to data privacy laws and regulations. 
  

‍