Privacy Notice

Scope of the Privacy Notice

Our Services How Do We Collect Personal Data? What Personal Data Do We Collect? Why Do We Process Personal Data? Who Do We Share Personal Data With? What Are Your Privacy Rights & Choices? How And Where Do We Store Your Personal Data? How Do We Use Cookies And Similar Tracking Technologies? Contact Us EEA, UK and Switzerland United States, including California China Colombia

Scope of the Privacy Notice

Telesign is committed to protecting your privacy and keeping your personally identifiable information or personal data (“Personal Data”) secure. This Privacy Notice describes how Telesign collects, uses, shares and retains Personal Data, what choices you have with respect to your Personal Data, and how we keep it secure.

We aim to be fully transparent in this Privacy Notice by describing our privacy practices in simple, easy-to-understand language, and giving you control over your Personal Data that you have entrusted us with. We will work hard to maintain your trust in us by being honest and direct when it comes to your Personal Data. Your trust is our top priority and by helping you understand our Privacy Notice, we intend to open the way to better communications and service.

This Privacy Notice applies only where Telesign is a “Data Controller” – where it processes Personal Data for its own purposes – and only for the following activities:

when you use Telesign’s websites, including telesign.com and our Customer portals (“Websites”)
when Telesign processes the Personal Data of individuals to deliver our services to our Customers (“Services“)
When Telesign processes Personal Data of its business contacts such as representatives of prospective Customers, suppliers and business partners at events, trade fairs, via email and phone and when visiting our offices (“Business Contacts“).

Note that for some of our Services, Telesign is a “Data Processor” – we process Personal Data on behalf of our Customers and in accordance with their instructions – in which case this Privacy Notice does not apply and you should contact the relevant Customer directly for information about how they process your Personal Data. Further details about this distinction are contained in the “Our Services” section below.

If you are a job applicant, this Privacy Notice does not apply. Please read our Job Applicant Privacy Notice.

In this Privacy Notice, the words “you” and “your” refer to the individual interacting with Telesign, as well as our Customer’s end user.

Our business may change from time to time. As a result, at times it may be necessary for Telesign to make changes to this Privacy Notice so please check this page occasionally. We will announce any material changes to this Privacy Notice via channels appropriate to our relationship with you.

Our Services

Telesign provides continuous trust to leading global enterprises by connecting, protecting, and defending their digital identities. Headquartered in Los Angeles, California, Telesign connects, protects and defends companies, customers and the digital interactions between them. With powerful AI that delivers identity with speed, accuracy and global reach, we enable companies to transact, communicate and engage with their customers free of fear. Telesign helps make the promise of the digital economy possible.

In many instances, Telesign is a Data Controller for its Services meaning that we are responsible for its processing. In order to deliver these Services to our Customers, we process Personal Data about individuals, including those who interact with our Customers, for example end users of gaming, software and retail services. See below some examples of how Telesign’s Services work.

Intelligence (formerly known as Score)

When an individual user attempts to sign-up to the service (e.g. an app) of one of our Customers, the Customer will collect the phone number of the user. Telesign then evaluates certain aspects of that phone number to provide a risk score to the Customer indicating whether the phone number is likely to be used for fraudulent purposes. The Customer then, based on this risk score recommendation and other information at its disposal, decides whether to allow, flag or block that phone number from being used for its services.

The risk score is calculated based on a variety of data. For example, Telesign will look at:

Whether the phone number is a mobile, landline, VoIP or burner phone
The city in which the phone was registered and the country code of the phone number
Usage activity of the phone, including anomalous behavior such as being used across multiple geographic locations in a short space of time
Previous signs of anomalous behavior indicating potential fraud

Telesign is a Data Controller of all the Personal Data used to evaluate the risk score and the risk score itself. Our Customer is also a Data Controller and makes the decision about whether to provide their services using the phone number you have provided. This means you can ask either Telesign or our Customer about how your Personal data is used, but only our Customer can explain their decision. Telesign also is a Data Processor for user contact details the Customer provides to us.

Engagement (SMS, Voice, other Omnichannel Messaging)

Telesign helps its Customers to send SMS text messages, voice calls or other programmable communications (such as WhatsApp and Viber messages). Customers do this for a variety of purposes such as sending alerts, reminders, notifications, promotions, marketing and multi-factor authentication. Telesign acts both as a Data Controller and a Data Processor.

Telesign is a Data Processor for the sending of the content in the messages or calls (as the Customer decides its content), for data of its Customer’s employees in order to operate and communicate about the Customer’s account and when a Customer sends data to us to provide support and troubleshooting.

Telesign is a Data Controller for the phone number when routing the message or call i.e. ensuring the message or call reaches its destination quickly and efficiently, as well as for the content of the message or call for the purpose of error resolution, ensuring it meets legal requirements and the policies of Telesign and the carriers. Telesign also creates logs of when messages or calls are sent which, along with Personal Data about its Customers’ employees, it processes as a Data Controller for billing, error resolution and security as well as to meet legal obligations and ensure Customers’ contractual obligations are met. Telesign also processes Personal Data as a Data Controller when resolving common issues affecting multiple Customers, which may include examples of messages or calls sent.

Digital Identity (PhoneID)

When an individual user attempts to sign-up to the service (e.g. an app) of one of our Customers, the Customer will collect contact details of the user such as their phone number, name, address and date of birth. Telesign then provides information to the Customers based on those contact details. The Customer then, based on this information and other information at its disposal, decides whether to allow, flag or block that phone number from being used for its services.

The information provided to the Customer includes information from third parties such as:

Whether the phone number is a mobile, landline, VoIP or burner phone
The city in which the phone was registered and the country code of the phone number
Information about how closely the information provided by the Customer matches data held by third parties such as the phone carrier
How likely it is that the phone number has been fraudulently swapped onto a different SIM

Telesign is a Data Processor for data of its Customer’s employees in order to operate and communicate about the Customer’s account and when a Customer sends data to us to provide support and troubleshooting. Telesign is also a Data Processor for user contact details the Customer provides to us.

Telesign is a Data Controller for obtaining and combining information from third party sources to provide to the Customer and for assessing the likelihood of SIM swap fraud. Telesign also creates logs of the information provided to Customers which, along with Personal Data about its Customer’s employees, it processes as a Data Controller for billing, error resolution and security as well as to meet legal obligations and ensure the Customer’s contractual obligations are met. Telesign also processes Personal Data as a Data Controller when resolving common issues affecting multiple Customers.

How Do We Collect Personal Data?

How we collect your Personal Data depends on whether you interact with our Website and/or whether we are collecting your Personal Data in the course of providing our Services to our Customers. Some of the Personal Data provided to our Customers is sourced from phone carriers, data aggregators and publicly available websites. Telesign also derives risk scores from this information which we share with our Customers.

Websites

We collect Personal Data to provide the best possible experience. When you use our Websites, we collect information in a variety of ways directly from you, when you:

Register to attend training through our Website
Participate in surveys, evaluations and promotions on our Website
Join an email mailing list via our Website
Create and operate an online account on our Websites, as an employee or agent of our Customer
Request support from our customer support team for Services via our Website
Submit Personal Data through our Websites or via cookies

Services

To improve the quality and accuracy of the Services we deliver to our Customers, we receive Personal Data from a number of sources:

From Telesign’s Customers, for example when they submit your contact details to us so that we can provide them with additional Personal Data about you or your phone number, including a risk score
From third parties, such as Telesign affiliates, phone carriers and data aggregators that are legally permitted to share your Personal Data with us, such as the city location where a phone number is registered, to confirm your contact details are correct or to provide additional information about you and your phone number
From publicly available sources of information, such as phone numbers which are published online by third parties for potentially fraudulent purposes. These include websites providing phone numbers for VoIP and receiving SMS messages, as well as those providing premium rate numbers.

We also draw inferences from the Personal Data, for example by assessing whether a phone number is likely to be used for fraudulent purposes, and the reasons why.

Business Contacts

To collect Personal Data about you via events, trade fairs, email and phone, we collect Personal Data from a number of sources, including:

From you or your colleagues when we communicate about our respective products and services
From Telesign’s Customers in provision of our Services to our Customers
From third parties, such as Telesign affiliates and partners, that have your permission to share your personal data with us
From publicly available sources of information such as LinkedIn, Apollo.ai and Lusha.com
At conventions, trade events, and trade shows.

What Personal Data Do We Collect?

We may process Personal Data that directly identifies you, such as name, and email address. We may also process Personal Data that may only indirectly identify you such as phone number, device identifiers and how you use our website.

Website

In relation to our Website, we collect the following categories of Personal Data:

Contact Information: Your name, email address and telephone number
Online Identifiers: Your IP address, how you navigate our Website, and cookies
Product Information: Details of any products or services you enquire about or purchase
Marketing and Contact Preferences: Details of the choices you have made to receive marketing from us.

We do not store credit card information. For payments, we use third party payment processors who specialize in the secure online capture and processing of credit/debit card transactions.

Services

In relation to our Services, we may collect the following categories of Personal Data depending on the Services our Customers engage us for and whether or not your Personal Data is contained in the information we receive from third party data sources:

Personal Data sent to us by our Customers:
- End User Contact Data: Name, postal address, telephone number, and other identifiers such as social media account ID
- End User Content Data: Content of SMS/Voice messages sent by Customers e.g. “Dear John Doe, your dental appointment is today 3PM”).
- Support Data: Information sent by the Customer to Telesign for troubleshooting, for example screenshots which could include Personal Data about you
- Customer Relationship Data: Information about the Customer employee used to operate their account such as name, log-in details, job title, company name of Customer, preferences and settings
- Device Identifiers: Information about the devices used by Customer employees such as their device identifier and IP address.
Personal Data we receive from third party sources such as aggregators of telecoms data:
- Telco Data: Information to assess the risk profile of a phone number such as the phone type (e.g. mobile, landline, VoIP, pre-paid, premium number), active status, current and previous carriers, call forwarding settings, contract and account type, SIM swap history, porting history and the city/country where the phone number was initially registered. We also receive confirmation about whether Personal Data provided by the Customer matches with the Personal Data held by the phone carrier.
- Aggregator Data: Information which supplements or confirms the data already held by the Customer such as name, address, email address, date of birth and (in certain limited countries, where permitted) national identification numbers.
- IP Data: City/country where the IP address is located
- End User identifiers: Date of birth and confirmation of whether the person to whom the phone number is registered is aged 18 or over, and (in Brazil only) the national ID number.
Personal Data inferred by Telesign:
- Services Data: Risk scores based on telephone number or SIM card behavior, data intelligence and the reasons why (e.g. “call center-like activity” or “VoIP number”)
- Log Data: Records about how we provide our Services to our Customers, such as the date, time and phone number of an SMS is sent as well as the sent status of the message and error codes.

Business Contacts

We collect the following Personal Data either from you or third parties:

Business Contact Data: Name, email address, phone number, job title, company, links to business networking online profiles
Enquiry Data: Information submitted to us relating to questions about our Services or products and services provided by your business
Marketing and Contact Preferences: Details of the choices you have made to receive marketing from us.

Children’s Information

Telesign does not knowingly collect Personal Data from children. If you are a child, please do not submit any Personal Data. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our Privacy Notice by instructing their children never to provide Personal Data without their permission. If you have reason to believe that a child has provided Personal Data to Telesign, please Contact Us, and we will delete that information from our data bases in the earliest possible timeframe.

Why Do We Process Personal Data?

In some jurisdictions, such as in the European Union, we need a “legal basis” to process your Personal Data. Our legal basis for collecting and using the Personal Data described above will depend on the Personal Data concerned and the specific context in which we process it.

We have set out a description of all the ways we will use your Personal Data and which of the legal bases we rely on to do so, in the tables below.

In certain situations, we require your Personal Data to pursue our legitimate interests in a way which is reasonable for you to expect, and which does not materially affect your rights and freedoms. We have identified below what our legitimate interests are.

Website

Purpose/Activity	Personal Data	Lawful basis for processing including basis of legitimate interest
To process and deliver your order including: Manage payments, fees and charges Collect and recover money owed to us	Contact Information Product Information	Necessary for our legitimate interests (to be paid and recover debts due to us)
To manage our relationship with you which will include: Notifying you about changes to our terms or privacy policy Asking you to leave a review or take a survey	Contact Information Product Information Marketing and Contact Preferences	Necessary to comply with a legal obligation such as under data protection laws Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)
To administer and protect our business and our Websites (including troubleshooting, security, data analysis, testing, system maintenance, support, reporting and hosting of data)	Contact Information Online Identifiers	Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring exercise)
To deliver relevant Website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you	Online Identifiers Product Information Marketing and Contact Preferences	Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy) Where required, with your consent
To contact customers and prospective customers about products, services, sector developments and events we think may be of interest to you	Contact Information Product Information Marketing and Contact Preferences	If required by marketing laws, we seek consent before sending marketing materials to individuals and in such cases consent is our lawful basis for sending marketing to you Where consent is not required, to send marketing materials based on our legitimate interest (to grow our business)

Services

Purpose/Activity	Personal Data	Lawful basis for processing including basis of legitimate interest
To provide the Services to our Customers such as to ensure that messages sent on behalf of Customers are correctly routed to select and consolidate third party data sources to deliver accurate data to Customers and to provide data intelligence and/or fraud risk assessment to our Customers.	End User Contact Data Telco Data Aggregator Data Services Data	Necessary for our legitimate interests (to grow our business) for those of our Customers (to detect and prevent fraud) and for those of our Customer’s end users (to enjoy a safe and efficient online experience)
To manage billing queries of Customers	Log Data Customer Relationship Data	Necessary for our legitimate interests (to correctly bill our Customers)
To filter and block messages in accordance with Telesign’s policies, legal obligations and arrangements with carriers	End User Content Data	Necessary for our legitimate interests (to maintain a working relationship with carriers who deliver messages on behalf of our Customers) Necessary to comply with a legal obligation
To comply with legal and auditing requirements	Log Data Customer Relationship Data	Necessary to comply with a legal obligation
To resolve bugs and errors and for general improvement of our models and Products	End User Content Data Log Data	Necessary for our legitimate interests and those of our Customers (to provide a quality Service to our Customers)
To protect our business and the Services (including troubleshooting, security and system maintenance) and to detect violations of Customer agreements	Log Data Customer Relationship Data	Necessary for our legitimate interests and those of our Customers (to protect the Services, our business and our Customers) Necessary to comply with a legal obligation such as maintaining appropriate technical and organizational security measures under data protection law
To resolve common issues affecting multiple Customers.	Support Data	Necessary for our legitimate interests and those of our Customers (to provide a quality Service to our Customers)

Business Contacts

Purpose/Activity	Personal Data	Lawful basis for processing including basis of legitimate interest
To process and deliver our or your order including: Manage payments, fees and charges Collect and recover money owed to us	Business Contact Data Enquiry Data	Necessary for our legitimate interests (to pay, be paid and recover debts due to us))
To manage our relationship with you which will include: Notifying you about changes to our terms or privacy policy Asking you to leave a review or take a survey	Business Contact Data Enquiry Data Marketing and Contact Preferences	Necessary to comply with a legal obligation such as under data protection laws Necessary for our legitimate interests (to keep our records updated and to study how we use each others’ products and services)
To administer and protect our business	Business Contact Data Enquiry Data	Necessary for our legitimate interests (for running our business, provision of administration, to prevent fraud and in the context of a business reorganization or group restructuring exercise)
To deliver relevant marketing to you and measure or understand the effectiveness of the advertising we serve to you	Business Contact Data Enquiry Data Marketing and Contact Preferences	Necessary for our legitimate interests (to study how Customers use products/services, to develop them, to grow our business and to inform our business strategy) Where required, with your consent
To contact customers, prospective customers and suppliers about products, services, sector developments and events we think may be of interest to you	Business Contact Data Enquiry Data Marketing and Contact Preferences	If required by marketing laws, we seek consent before sending marketing materials to individuals and in such cases consent is our lawful basis for sending marketing to you Where consent is not required, to send marketing materials based on our legitimate interest (to grow our business)

Who Do We Share Personal Data With?

When you use our Websites or if you are a Business Contact, your Personal Data is shared with our service providers who process data on our behalf. When our Customers use our Services, we share Personal Data about their End Users with data aggregators and phone carriers to obtain further information to share with our Customers. Other recipients may include public, government, judicial and law enforcement entities if we are legally permitted to do so.

Website

To operate our business we use the following trusted third parties:

cloud storage providers, such as Amazon Web Services, which provide our infrastructure,
marketing analytics providers,
customer relationship management providers,
learning management system providers, and
payment processing services providers.

These third party service providers are authorized to use the Personal Data only as necessary to provide their services. Telesign takes appropriate steps to ensure that these third party service providers protect your Personal Data, such as by signing data processing agreements with them and assessing their security measures. Telesign may also share the Personal Data with its affiliates and will only use the Personal Data as described in this notice. Additionally, your Personal Data may be disclosed as required by law and when we have reason to believe that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

Services

We share Personal Data with our Customers to deliver our Services. Full details about the Services we make available to our Customers can be found here. As an example, Customers who use our Intelligence product receive:

Details about the mobile phone carrier (e.g. Verizon), type of phone number (e.g. pre-paid, premium number or VoIP) and location of registration (e.g. Long Beach, Los Angeles) that was used to register with our Customer.
The country in which any IP address provided to us by our Customer is located.
A risk score indicating whether the phone number provided by our Customer exhibits signs of anomalous behavior indicating fraud and we have calculated that risk score (e.g. it is a VoIP number that places a large number of short duration calls).

Personal Data may also be shared with the following trusted third-parties:

email, data and SMS/voice communications providers so that we can send communications on behalf of our Customers; and
cloud storage providers, such as Amazon Web Services, which provide our infrastructure.

Business Contact

To operate our business we use the following trusted third parties:

cloud storage providers, such as Amazon Web Services, which provide our infrastructure,
supplier relationship management providers, and
payment processing services providers such as Stripe.

Links to other websites

Our Websites include links to other sites whose privacy practices may differ from ours. If you submit Personal Data to any of those sites, their use of your information is governed by their respective privacy notices.

What Are Your Privacy Rights & Choices?

You have rights about the Personal Data we process about you which may include the right to ask us for a copy of your Personal Data or to delete or change your Personal Data or to port your data. You may also be able to ask us to stop processing your Personal Data or unsubscribe from our marketing. You can also complain to a data protection regulator.

Depending on where you are located and how you interact with Telesign you may have one or more of the following rights:

The Right to Access: You can confirm whether we are processing your Personal Data, ask to know the specific pieces of Personal Data we have about you, and ask for a copy. You also may have the right to know the categories of Personal Data we have collected, the categories of sources from which we collected Personal Data, the business or commercial purposes for collecting, selling, or sharing Personal Data, and the categories of third parties to whom we disclose Personal Data.
The Right to Rectification: If your Personal Data is incorrect or incomplete, you can ask us to update it.
The Right to Object: You can object to the processing of your Personal Data. For example, you have a choice about whether or not you wish to receive marketing information from us. You can use the unsubscribe option within Telesign’s marketing emails or unsubscribe via this email address: [email protected].
The Right to Restrict: You can object to the processing of your Personal Data.
The Right to Data Portability: If applicable, you can ask to receive the Personal Data you provided to us in a structured, commonly used, portable format.
The Right to Withdraw Consent: At any time, you can withdraw any consent you previously provided to us. This will not affect any processing we have already carried out based on your past consent.
The Right to Delete: You can request to delete your Personal Data and we will honor it to the extent that it is no longer necessary for any Services contracted by our Customer or required for our legitimate business purposes, legal or contractual record keeping requirements.
The Right to Opt Out: If applicable, you may opt out of (1) the sale or sharing of your Personal Data, (2) targeted advertising, and (3) profiling in the furtherance of decisions that produce legal or similarly significant effects concerning you.
The Right to Limit Our Use of Sensitive Personal Data: If we use or disclose sensitive Personal Data for purposes other than those allowed by applicable law, you may be able to limit our use of same.
The Right to Not Be Discriminated Against. You may have the right not to be discriminated against for exercising your privacy rights.

All of your rights above can be exercised by contacting us using the details specified below in the Contact Us section or via our Privacy Requests page. We may ask you to verify your identity with us before we process your request. Some laws allow individuals to make requests on behalf of others (i.e. authorized agents). If you are submitting a request on behalf of another individual, please use the same contact methods described above. After submitting the request, we will require further information to verify your authority to act on behalf of the other individual. If we deny a request, you may have the right to appeal our decision. You can do so through the same contact methods described above. As explained above, for some of Telesign’s products, Telesign processes Personal Data on behalf of its Customers. Where this is the case, you will be directed to our Customers by Telesign’s Privacy team.

Our Websites offer publicly accessible blogs. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. To request removal of your Personal Data from our blogs, please Contact Us

How And Where Do We Store Your Personal Data?

We store your data in the USA and any other countries where Telesign or its affiliates and trusted third party service providers operate facilities. We protect it according to the law, by implementing appropriate security measures and we only retain your Personal Data for as long as necessary.

Data Security

The security of your Personal Data and our Customers’ confidential information is important to us. We maintain a comprehensive information security program designed to ensure the security of your Personal Data by implementing physical, technical, and administrative measures and safeguards. Telesign is ISO 27001 certified for the provision of infrastructure, application development, SOC operations, cybersecurity and global delivery of its Digital Identity Suite (PhoneID and Intelligence) and Programmable Communications Suite of Products (SMS and Voice communications).

We follow best practices and generally accepted standards to store and protect the Personal Data we collect, both during transmission and once received and stored, including utilization of hashing and encryption, where appropriate. For Personal Data collected or received over unsecured Internet channels, we encrypt the transmission of that information using secure socket layer technology (SSL/TLS).

Our Privacy and Security Teams regularly review our security and privacy practices and enhance them as necessary to help ensure the integrity of our systems and security of your Personal Data. Nonetheless, security vulnerabilities are continually evolving which means that no security measures can guarantee absolute security, but we will use reasonable efforts to prevent the accidental or unlawful loss, misuse or alteration of your Personal Data.

Data Retention

We review our data retention periods for Personal Data on a regular basis. We are legally required to hold some types of information for certain periods to fulfill our legal and statutory obligations. Outside of these obligations, we will hold your Personal Data in our systems for as long as is necessary:

to provide the Services you have requested or our Customer has contracted for,
to develop and improve our Services,
as mandated by law, contract or similar obligations that apply to our business operations,
for preserving, resolving (customer support), defending or enforcing our legal/contractual rights, or
as needed to maintain adequate and accurate business and financial records (billing purposes).

We take steps to destroy or permanently de-identify Personal Data once it is no longer needed. In some cases, we choose to retain usage information in a depersonalized or anonymized form. If Personal Data is anonymized, so that you can no longer be identified, the information ceases to be Personal Data and will not be subject to our regular retention policies or subject to the exercise of your rights and choices as outlined above.

How Do We Use Cookies And Similar Tracking Technologies?

We use cookies and other tracking technologies. For further information, please review our Cookie Notice which is considered a part of this Privacy Notice.

Contact Us

If you wish to exercise any of your privacy rights, have any questions or comments about our Privacy Notice, our practices or our Services, or wish to lodge a concern or complaint, please contact us at:

Website: Privacy Requests

Email: ‍[email protected]

Toll-free number: ‍1 800 850 3485

Postal address: Telesign Corporation, 13274 Fiji Way Suite 600, Marina del Rey CA 90292, USA

To communicate with our Data Protection Officer, please email [email protected].

To communicate with our Legal Team regarding law enforcement requests, please email [email protected].

We will respond to all requests, inquiries, or concerns promptly and in compliance with applicable law.

You also have the right to lodge a complaint with a data protection authority in your country of residence.

EEA, UK and Switzerland

The following section contains important information for those in the European Economic Area, the United Kingdom and Switzerland about how we protect your data when it is transferred to other countries and who you can contact with queries.

International Data Transfers

Personal Data provided to Telesign may be transferred to and otherwise processed in the United States, the European Union, the United Kingdom, Serbia, China, Colombia, Singapore and any other country in which Telesign’s trusted third party service providers operate facilities but only accessed by Telesign personnel as strictly necessary. When we transfer your information internationally, we will take steps to ensure that appropriate safeguards are put in place. These include the Standard Contractual Clauses approved by the European Union (and similar protections authorized by the authorities in the United Kingdom and Switzerland), with the aim of ensuring that your privacy rights continue to be protected as required by applicable law, and as outlined in this Privacy Notice.

Representatives

In additional to using the details specified below in the Contact Us section or via our Privacy Requests page, as Telesign is established in the United States, we have appointed the following representatives who you may contact to raise queries:

EU Representative:
Pursuant to Article 27 of the General Data Protection Regulation (GDPR), Telesign Corporation has appointed European Data Protection Office (EDPO) as its GDPR Representative in the EU. You can contact EDPO regarding matters pertaining to the GDPR:

– by using EDPO’s online request form: https://edpo.com/gdpr-data-request/
– by writing to EDPO at Avenue Huart Hamoir 71, 1030 Brussels, Belgium

UK Representative:
Pursuant to Article 27 of the UK GDPR, Telesign Corporation has appointed EDPO UK Ltd as its UK GDPR representative in the UK. You can contact EDPO UK regarding matters pertaining to the UK GDPR:

– by using EDPO’s online request form: https://edpo.com/uk-gdpr-data-request/
– by writing to EDPO UK at 8 Northumberland Avenue, London WC2N 5BY, United Kingdom

United States, including California

This section applies only to Personal Data collected about individuals residing in the United States. Depending on the state in which you reside and the way in which you interact with us, you may be entitled to additional disclosures regarding the Personal Data we collect about you. You also may have certain rights regarding that Personal Data.

Notice at Collection of Personal Data

In our capacity as a business or controller under U.S. law, we currently collect and, in the 12 months prior to the date of this Privacy Notice, have collected the following categories of Personal Data:

Identifiers (name, postal address, online identifier, Internet Protocol address, email address, and date of birth)
Unique personal identifiers (device identifier; cookies, beacons, pixel tags, mobile ad identifiers, or other similar technology; and username or account number)
Personal information described in California’s Customer Records statute (California Civil Code § 1798.80(e)) (telephone number as well as categories listed in above “Identifiers” category)
Commercial information (records of products or services purchased)
Internet or other electronic network activity information (browsing history and information regarding consumer’s interaction with website, application or advertisement)
Geolocation data
Sensitive personal information: The contents of a consumer’s text messages (under limited circumstances such as if fraud is suspected)

For the sources of Personal Data we collect, please see the “How Do We Collect Personal Data?” section above. For the business or commercial purposes for which we collect Personal Data, please see the “Why Do We Process Personal Data?” section above. For an explanation of how long we retain Personal Data, please see the “Data Retention” section above.

Sale, Sharing, and Disclosure of Personal Data

As described in our Cookie Notice, we use certain cookies and tracking technologies on our Websites through which unique personal identifiers are transferred to third-party advertising and data analytics providers. The use of certain types of cookies may be considered a “sale,” “share,” or “targeted advertising” under applicable state law. For example, the California Consumer Privacy Act defines “sale” as the transfer of Personal Data for monetary or other valuable consideration and “share” as the disclosure of Personal Data to a third-party for cross-contextual behavioral advertising.

In addition, under California law, our Digital Identity (PhoneID) and Intelligence services constitute a “sale” of Personal Data. As explained in the “Our Services” section above, Customers use these services to ensure that their users are not fraudulent. To do so, Customers provide us with limited Personal Data (e.g., telephone number) of the end user, which we receive in our capacity as a service provider. We use such Personal Data to collect additional information regarding the end user from third-party sources and to provide this additional information to our Customers so they can validate the end user. This limited transfer of Personal Data from us to our Customers constitutes a “sale” under the CCPA. The Personal Data we transfer to our Customers include identifiers as well as information regarding the phone number such as subscriber status, porting history and status, number deactivation, and call forward detection. For more information, please see the “Our Services” section above.

We do not knowingly collect, sell or share the Personal Data of consumers under 16 years of age. We do not collect or process sensitive Personal Data for the purpose of inferring characteristics about individuals and, consequently, do not collect sensitive Personal Data or use it for purposes other than those allowed by the CCPA and its regulations.

Your Privacy Rights

Please see “What are Your Privacy Rights & Choices?” for an explanation of your privacy rights, how you can exercise your privacy rights, and what you can expect from that process. In addition, below we list two privacy rights applicable to California residents.

Right to Opt Out of Sale or Sharing of Personal Data

If you are a California resident, you may have the right to direct us to stop selling or sharing your Personal Data. You may submit a request to opt out of sales or sharing through our interactive webform available by clicking on this link: “Do Not Sell or Share My Personal Information.” If you have enabled privacy controls on your browser (such as a plugin), we will also treat that as a valid request to opt out.

Do Not Track

Some internet browsers incorporate a “Do Not Track” feature that signals to websites you visit that you do not want to have your online activity tracked. Given that there is not a uniform way that browsers communicate the “Do Not Track” signal, our Websites do not currently interpret, respond to or alter their practices when they receive “Do Not Track” signals.

Shine the Light Law

We do not disclose Personal Data obtained through our Websites or Services to third parties for their direct marketing purposes. Accordingly, we have no obligations under California Civil Code § 1798.83.

China

This section contains important information for those in China, including legal grounds, special rights of deceased users’ close relatives, and how we protect your data when it is transferred from Mainland China to other countries.

Legal grounds

If we process Personal Data within China, we will mainly rely on at least one of following legal grounds in accordance with the applicable law:

Necessary for entering into or performance of a contract with you
Necessary for compliance with legal obligations
Necessary to respond to public health emergencies or protect your life, health and property safety in emergencies;
Where the Personal Data has been publicly disclosed or legally disclosed to us, the processing is within a reasonable scope, and you have not objected to the processing of such Personal Data.

The right of close relatives

Close relatives of a deceased user can exercise their rights to access, correct or delete the deceased user’s Personal Data where the relative has a legal right or interest in making the request.

International Data Transfers

Personal Data provided to Telesign may be transferred to us by our Customers in Mainland China to other countries or regions in which Telesign or its affiliates/trusted third party service providers operate facilities. When your information is transferred internationally, we or our Customers will take measures to ensure that appropriate safeguards are put in place. These may include the security assessment organized by the Cyberspace Administration of China (“CAC”), the certification of Personal Data protection given in accordance with the requirements adopted by CAC, or the Standard Contractual Clauses provided by the CAC, with the aim of ensuring that your privacy rights continue to be protected as required by applicable law, and as outlined in this Privacy Notice.

Colombia

The following section contains important information for those in the Republic of Colombia including processing based on your consent and how to exercise your rights.

Processing of your Personal Data

Under Colombian data protection regulations, the primary legal basis for the processing of your Personal Data will be your prior consent. Telesign will process (e.g., collect, store, use, transfer, circulate or delete) your personal data for the purposes described in this Privacy Notice.

Procedures for data subjects to exercise their rights

Under Colombian data protection regulations, you have the right to access (free of charge), consult, rectify and update your Personal Data, request for the deletion of your Personal Data, file complaints with the supervisory authority, revoke your consent, as well as be informed about the use of your Personal Data.

In order to file a formal complaint before Telesign, you may send an email to [email protected], which will be answered within 15 business days from the date of receipt.

In order to consult your Personal Data, you are entitled to make inquiries to Telesign by sending an email to [email protected] which will be answered within 10 business days from the date of receipt.