FIRST AND FOREMOST
TeleSign is committed to protecting your privacy and keeping your personally identifiable information (“Personal Data”) secure. The term Personal Data shall be used throughout this Privacy Notice as the common term for personal information or personally identifiable information (aka, “PII”). In particular, this Privacy Notice has been updated to align with applicable privacy and data protection requirements including but not limited to the European Union’s (“EU”) General Data Protection Regulation (“GDPR”),California Consumer Privacy Act (“CCPA”), Brazilian Lei General de Protecao de Dados (“LGPD”), Canadian Personal Information Protection and Electronic Documents Act (“PIPEDA”) and Serbian Law on Personal Data Protection (“ZZPL”) (“Applicable Law”).
This Privacy Notice describes how TeleSign collects, uses, shares and retains Personal Data, what choices you have with respect to your Personal Data, and how we keep it secure. We aim to be fully transparent in this Privacy Notice by describing our privacy practices in simple, easy-to-understand language, and giving you control over your Personal Data that you have entrusted us with. We will work hard to maintain your trust in us by being honest and direct when it comes to your Personal Data. Your trust is our top priority and by helping you understand our Privacy Notice, we intend to open the way to better communications and service.
This Privacy Notice applies to TeleSign’s products and services (“Services”), including www.telesign.com, portals customers use to access TeleSign Services (“Customer Portals”), and other TeleSign websites (“Websites”) and other interactions (e.g. customer service inquiries, user conferences, job applications, etc.) you may have with TeleSign. By continuing to use our Websites and Services, you acknowledge and consent to the practices described in this Privacy Notice, including the latest updates.
Our business may change from time to time. As a result, at times it may be necessary for TeleSign to make changes to this Privacy Notice so please check this page occasionally to ensure that you are happy with any changes before you provide any Personal Data. We will announce any material changes to this Privacy Notice via channels appropriate to our relationship with you. This Privacy Notice was last updated in December 2020 and shall be updated at least annually.
WE ARE TELESIGN
. . . one of the world’s largest and most trusted CPaaS (“Communications Platform as a Service”) and customer identity and engagement solutions provider, based in Los Angeles, California. We are wholly owned by Belgacom International Carrier Services (“BICS”), which is headquartered in Brussels, Belgium.
Data Processor (a.k.a. Service Provider under CCPA)
For the most part, we are a “Data Processor” whereby we process Personal Data that we receive from organizations (“Customers”) for the provision of our Services. Customers receive Personal Data from you or others, and we process Personal Data on our Customers’ instructions.
Data Controller (a.k.a. Covered Business under CCPA)
In some cases (e.g. our Websites and Customer Portals), we are a “Data Controller” for the Personal Data that you give to us directly. That is when we determine the purposes and means of the processing.
However, regardless of whether we are a Data Controller or a Data Processor, TeleSign believes you – not us – have control over your Personal Data and you can access, manage and delete it, as described in this Privacy Notice.
HOW DO WE COLLECT PERSONAL DATA
As a Data Processor, we receive your Personal Data from our Customers. We process your Personal Data at our Customer’s direction through their use of our Services which are governed by contracts.
As a Data Controller, we collect Personal Data to provide the best possible experience when you utilize our Websites or Customer Portals, for example, or when you contact us about our Services.
We collect information in a variety of ways directly from you, when you:
- Correspond with us by phone or email
- Apply for a job or register to attend training
- Participate in surveys, evaluations and promotions
- Join an email mailing list
- Request support from our customer support team for TeleSign Services
- Submit Personal Data through our Websites and Customer Portals
- Use our Services
We also collect supplemental information from other sources, including:
- From third parties such as TeleSign affiliates and partners
- From third parties that have your permission to share your personal data with us
- From publicly available sources of information
At conventions, trade events, and expos
WHAT PERSONAL DATA DO WE COLLECT
We collect the following categories of Personal Data:
Identifiers Name, date of birth, postal address, unique personal identifiers, online identifiers, IP address, email address, username or account number, device identifiers, e.g. IMEI/IMSI Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))Telephone number, education, employment, employment history Commercial information Records of products or services purchased Internet or similar network activity Browsing history, information on a consumer’s interaction with a website, application, or advertisement (“cookies”); marketing and contact preferences Geolocation data Location data Professional or employment-related information Current or past job history or performance evaluations (employees only)Inferences drawn from other personal information Profile reflecting a person’s fraud risk score based on behavior and data intelligence.
We do not store or retain credit card information. For payments, we use third party payment processors who specialize in the secure online capture and processing of credit/debit card transactions.
TeleSign does not knowingly collect Personal Data from children under the age of 13. If you are under the age of 13, please do not submit any Personal Data. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our Privacy Notice by instructing their children never to provide Personal Data without their permission. If you have reason to believe that a child under the age of 13 has provided Personal Data to TeleSign, please Contact Us, and we will delete that information from our databases in the earliest possible timeframe.
WHY DO WE COLLECT PERSONAL DATA
TeleSign collects Personal Data to provide outstanding customer service, operate the Services we provide to Customers, for marketing of our Services, to detect, prevent, mitigate and investigate fraudulent or illegal activities.
As a Data Processor, we collect and use your Personal Data in accordance with the contractual obligations we have with our Customers. As a Data Controller, we collect and use your Personal Data only when you have provided us with your consent, or we operate on the basis of legitimate interest to develop solutions that prevent fraudulent and illegal behaviors.
We may collect your Personal Data for one or more of the following business purposes:
- To provide you with information, goods, or services
- To conduct research and maintain statistics
- To send you SMS / text messages or make voice calls to you that contain alerts, reminders, notifications or one-time passcodes
- To send you SMS / text messages or make voice calls to you for automatic verification and power private two-way communications on digital platforms owned by our Customers
- To provide data intelligence and/or fraud risk assessment about your phone number to our Customers. Data intelligence includes device information, SIM swap detection, subscriber status, contact information, location, risk score, etc., in order to strengthen authentications, evaluate fraud risks, prevent fraudulent behaviors and enhance the user experience. Our Customers obtain your consent for some of these data services that we provide.
For the purposes of the CCPA, we may sell (use or communicate for valuable consideration) your Personal Data for the following business purposes:
- To promote and market TeleSign’s services
- To detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity
- To provide you with information regarding your account and the TeleSign Services. Collecting your personal information enables us to better understand your needs and interests, improves our service, and personalize communications.
We may analyze your Personal Data to create a profile of your interests and preferences so that we can contact you with information relevant to you. We may make use of additional information about you when it is available from external sources to help us do this effectively. We may also use your Personal Data to detect, mitigate and prevent fraud.
WHO DO WE SHARE PERSONAL DATA WITH
Unless you give us your permission, we will not share your information with third parties for marketing purposes or any other unauthorized business purpose.
Personal Data may be shared with the following trusted third-party service providers who require the Personal Data to perform their work on TeleSign’s behalf:
- anti-fraud services providers;
- email, data and SMS/Voice communications providers;
- cloud storage providers;
- marketing analytics providers;
- customer relationship management providers, and
- payment processing services providers.
These third parties service providers are authorized to use the Personal Data only as necessary to provide their services. TeleSign takes appropriate steps to ensure that these third parties service providers protect your Personal Data. TeleSign may also share the Personal Data with its affiliates and will only use the Personal Data as described in this notice. Additionally, your Personal Data may be disclosed as required by law and when we have reason to believe that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
Links to other websites
Our Websites include links to other sites whose privacy practices may differ from ours. If you submit Personal Data to any of those sites, their use of your information is governed by their respective privacy policies.
YOUR PRIVACY RIGHTS & CHOICES
As a Data Controller (a.k.a. Covered Business under CCPA), for Personal Data that TeleSign receives from you directly, you have the following rights:
- The Right to Transparency: You have the right to be informed about our privacy and data protection practices in this Privacy Notice.
- The Right to Access/Disclosure: You have the right to know about the specific pieces of Personal Data we have about you, and we will provide you with what we have upon request.
- The Right to Rectification: If your Personal Data is incorrect or incomplete, you have the right to ask us to update it.
- The Right to Object: You have the right to object to or ask us to restrict the processing of your Personal Data.
- The Right to Data Portability: You have the right to receive your Personal Data in a structured, commonly used, portable format.
- The Right to Withdraw Consent/CCPA’s ”Do Not Sell My Personal Information”: At any time, you can opt-out of processing or having your Personal Data sold by contacting us.
- The Right to Delete (GDPR’s “RTBF”): You have the right to request to delete your Personal Data and we will honor it to the extent that it is no longer necessary for any Services contracted by our Customer or required for our legitimate business purposes, legal or contractual record keeping requirements.
All of your rights above can be exercised by as specified below in Contact Us section.
As a Data Processor, we provide customer identity and engagement solutions to our Customers that involve the processing of Personal Data, including mobile phone numbers, on their behalf. Inquiries relating to Personal Data that we process through our Services on behalf of our Customers should be directed to our Customers.
You can visit our Websites without providing any Personal Data. If you choose not to provide any Personal Data, you may not be able to use certain features of our Websites.
Our Websites offer publicly accessible blogs. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. To request removal of your Personal Data from our blogs, please Contact Us.
We will not contact you for marketing purposes by email, phone, post or text message unless you have given your prior consent. You can change your marketing preferences at any time by Contacting Us.
DATA SECURITY & RETENTION
The security of your Personal Data and our Customers’ confidential information is important to us. We maintain a comprehensive information security program designed to ensure the security of your Personal Data by implementing physical, technical, and administrative measures and safeguards.
We follow best practices and generally accepted standards to store and protect the Personal Data we collect, both during transmission and once received and stored, including utilization of encryption where appropriate. For Personal Data collected or received over unsecure Internet channels, we encrypt the transmission of that information using secure socket layer technology (SSL/TLS).
Our Privacy and Security Team regularly reviews our security and privacy practices and enhances them as necessary to help ensure the integrity of our systems and security of your Personal Data. Nonetheless, security vulnerabilities are continually evolving which means that no security measures can guarantee absolute security, but we will use reasonable efforts to prevent the accidental or unlawful loss, misuse or alteration of your Personal Data.
We review our data retention periods for Personal Data on a regular basis. We are legally required to hold some types of information to fulfill our statutory obligations. We will hold your Personal Data in our systems for as long as is necessary to provide the Services you have requested or our Customer had contracted for, and thereafter for a variety of legitimate legal or business purposes. These might include retention periods:
- mandated by law, contract or similar obligations application to our business operations;
- for preserving, resolving (customer support), defending or enforcing our legal/contractual rights; or
- needed to maintain adequate and accurate business and financial records (billing purposes).
We take steps to destroy or permanently de-identify Personal Data once it is no longer needed. In some cases, we choose to retain usage information in a depersonalized or aggregated form. Once aggregated, this information ceases to be Personal Data and will not be subject to our regular retention policies or subject to the exercise of your rights and choices as outlined above.
INTERNATIONAL DATA TRANSFERS
Personal Data provided to TeleSign may be transferred to, accessed from and otherwise processed in the United States, the European Union, the United Kingdom, Serbia and any other country in which TeleSign or its affiliates operate facilities. Some of these facilities are located in a country outside of the US/EU/Serbia/Brazil/UK/Canada. These countries may not have similar data protection laws as the Applicable Law. By submitting your Personal Data, you are agreeing to this transfer, storing or processing. When we transfer your information outside of the US/EU/Serbia/Brazil/UK/Canada, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as required by the Applicable Law and as outlined in this Privacy Notice.
TeleSign offers EU Model Clauses, also known as Standard Contractual Clauses, and Data Processing Agreements to meet the adequacy and security requirements for our Customers that operate in the EU, and other international transfers of Personal Data.
You have a choice about whether or not you wish to receive information from us. If you do not want to receive direct marketing communications from us about the vital work we do and/or our Services, then you may (i) choose not to submit any Personal Data to us; or (ii) access the unsubscribe option with the TeleSign email communications; or (iii) unsubscribe via this email address: firstname.lastname@example.org.
If you wish to exercise any of your privacy rights, have any questions or comments about our Privacy Notice, our practices or our Services, or wish to lodge a concern or complaint, please contact us at:
1 800 850 3485
13274 Fiji Way Suite 600, Marina del Rey CA 90292, USA
To communicate with our Data Protection Officer, please email email@example.com.
To communicate with our Legal Team regarding law enforcement requests, please email firstname.lastname@example.org.
We will respond to all requests, inquiries, or concerns promptly upon becoming aware but in any case, within thirty (30) days.