Privacy Shield Framework

In accordance with the Privacy Shield Framework:

TELUS International (U.S.) Corp., Voxpro Group LLC, and Xavient Digital LLC, collectively TELUS International, are members of the TELUS International group of companies and provide outsourcing solutions to business customers based around the world, including contact center services. In connection with the provision of services, TELUS International may receive, access, store or otherwise process (collectively, “handle”) personal information of its customers, including personal information of individuals resident or located in the European Economic Area (“EEA”) and Switzerland.

TELUS International primarily handles personally identifiable information as a data processor. In this capacity TELUS International processes personal information on behalf of, and under the direction of, a business customer (this can include the handling of information in connection with providing contact center services). As such TELUS International is not the data controller and individuals must refer to the privacy policies of those business customers from which their data originated.

Where TELUS International collects personal information of an individual (a “client”) in connection with activities other than providing processing services to a business customer, such personal information will be subject to this Policy.

EU-US and Swiss-US Privacy Shield Frameworks

TELUS International complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, pursuant to the Privacy Shield. TELUS International has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

In compliance with the EU-U.S. Privacy Shield Principles and the Swiss-U.S. Privacy Shield Principles, TELUS International commits to resolve complaints about your privacy and our collection or use of your personal information. European Union and Swiss individuals with inquiries or complaints regarding this Policy should first contact TELUS International at:

TELUS International Privacy Officer 2251 S Decatur Blvd, Las Vegas, NV 89102 TI.Privacy.Office@telusinternational.com +1.702.238.7900

TELUS International has further committed to refer unresolved privacy complaints under the EU-U.S. Privacy Shield Principles and the Swiss-U.S. Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.

Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.

For Human Resources Data Only: Telus International commits to cooperate with the panel established by the EU data protection authorities (DPAs) or the Swiss Federal Data Protection and Information Commissioner, as applicable, and comply with the advice given by the panel or Commissioner, with regard to human resources data transferred from the EU or Switzerland, to the United States in the context of the employment relationship. EU individuals wishing to reach their area DPA’s may locate them by going to http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm. Swiss individuals wishing to contact their local FDPIC may locate them by going to https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/links/data-protection—switzerland.html. TELUS International is subject to the investigatory and enforcement powers of the US Federal Trade Commission (“FTC”).

For the purposes of the Privacy Shield Principles “personal information” means information that: (1) is transferred from the EEA and Switzerland to the U.S.; (2) is recorded in any form; (3) is about, or pertains to a specific individual; (4) can be linked to that individual; and (5) is collected by TELUS International in connection with activities other than providing processing services to a business customer. Personal information does not include data that is de-identified, anonymous or publicly available.

Accountability For Non-Human Resources Data

TELUS International is responsible for personal information under its control and shall designate one or more persons who are accountable for TELUS International’s compliance with the following principles.

1.1 Responsibility for ensuring compliance with the provisions of the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield rests with the senior management of TELUS International, which shall designate one or more persons to be accountable for compliance. Other individuals within TELUS International may be delegated to act on behalf of the designated person(s) or to take responsibility for the day-to-day collection and processing of personal information.

1.2 The TELUS International contact for handling complaints, access requests, and any other issues related to TELUS International’s implementation of the principles of the EU-US Privacy Shield and US-Swiss Privacy Shield is the Director of Global Security, who can be reached at TI.Privacy.Office@telusinternational.com

1.3 TELUS International is responsible for personal information in its possession or control. TELUS International shall use appropriate means to provide a comparable level of protection while information is being processed by a third party (see Security Safeguards and Onward Transfer section).

1.4 TELUS International shall implement policies and procedures to give effect to the principles of the EU-US Privacy Shield and US-Swiss Privacy Shield, including:

  1. implementing procedures to protect personal information and to oversee TELUS International’s compliance with the principles of EU-US Privacy Shield and US-Swiss Privacy Shield
  2. establishing procedures to receive and respond to inquiries or complaints
  3. training and communicating to staff about TELUS International policies and practices
  4. developing public information to explain TELUS International policies and practices

Notice: Identifying Purposes for Collection of Personal Information

TELUS International shall identify the purposes for which personal information is collected at or before the time the information is collected.

2.1 TELUS International may collect personal information such as name, age, birthdate, gender, phone number and address for the following purposes:

  1. to establish and maintain responsible commercial relations with clients and to provide ongoing service
  2. to understand client needs and preferences
  3. to develop, enhance, market or provide products and services
  4. to manage and develop TELUS International business and operations, including personnel and employment matters
  5. to meet legal and regulatory requirements

2.2 TELUS International shall specify orally, electronically or in writing the identified purposes to the client at or before the time personal information is collected. Upon request, persons collecting personal information shall explain these identified purposes or refer the individual to a designated person within TELUS International who shall explain the purposes.

2.3 Unless required by law, TELUS International shall not use or disclose for any new purpose personal information that has been collected without first identifying and documenting the new purpose and obtaining the consent of the client.

2.4 Telephone calls to or from service representatives involving personal information may be monitored or recorded for quality assurance purposes.

Choice: Obtaining Consent for Collection, Use or Disclosure of Personal Information

The knowledge and consent of a client is required for the collection, use, or disclosure of personal information, except where not required by applicable privacy legislation. In certain circumstances personal information may be collected, used, or disclosed without the knowledge and consent of the individual. For example:

3.1 TELUS International provides services on behalf of many business clients and as such, is primarily a processor of data. An individual wishing to limit the use or sharing of their data will be directed to contact our client’s privacy office, where appropriate.

3.2 If in the future, our business practices change to require us to be a controller of your personal data, TELUS International will update this policy as needed and provide EU and Swiss individuals with appropriate choice.

Limiting Collection of Personal Information

TELUS International shall limit the collection of personal information to that which is necessary for the purposes identified by TELUS International. TELUS International shall collect personal information by fair and lawful means.

4.1 TELUS International primarily acts as a processor of personal information from its clients.

4.2. If in the future, our business practices change and require us to disclose personal information to third parties outside of our client relationships, TELUS International will update this policy as needed and inform individuals of their choices in limiting data sharing.

Limiting Use, Disclosure, and Retention of Personal Information

TELUS International shall not use or disclose personal information for purposes other than those for which it was collected, except with the consent of the individual or as required by law. TELUS International shall retain personal information only as long as necessary for the fulfillment of those purposes.

5.1 TELUS International may disclose a client’s personal information to:

  1. a person who in the reasonable judgment of TELUS International is seeking the information as an agent of the client
  2. a company involved in supplying the client with communications or communications related services
  3. another company or individual for the development, enhancement, marketing or provision of any of TELUS International products or services
  4. an agent used by TELUS International to evaluate the client’s creditworthiness or to collect the client’s account
  5. a credit reporting agency
  6. a public authority or agent of a public authority, if in the reasonable judgment of TELUS International, it appears that there is imminent danger to life or property which could be avoided or minimized by disclosure of the information
  7. a third party or parties, where the client consents to such disclosure or disclosure is required by law to meet legal or regulatory requirements such as under a court order or to a government institution
  8. others as required by law

5.2 From time to time TELUS International may sell parts of its business, sell or securitize assets, or merge or amalgamate part or all of its business with other entities. Since client and account information will normally be a part of such transactions, TELUS International may use or disclose personal information in such context to other parties included in the transaction, as part of due diligence and/or completion of the transaction.

5.3 Only TELUS International employees with a business need to know, or whose duties reasonably so require, are granted access to personal information about clients.

5.4 TELUS International shall keep personal information only as long as it remains necessary or relevant for the identified purposes or as required by law. Depending on the circumstances, where personal information has been used to make a decision about a client, TELUS International shall retain, for a period of time that is reasonably sufficient to allow for access by the client, either the actual information or the rationale for making the decision.

5.5 TELUS International shall maintain reasonable and systematic controls, schedules and practices for information and records retention and destruction which apply to personal information that is no longer necessary or relevant for the identified purposes or required by law to be retained. Such information shall be destroyed, erased or made anonymous.

Correction: Accuracy of Personal Information

Personal information shall be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.

6.1 Personal information used by TELUS International shall be sufficiently accurate, complete, and up-to-date to minimize the possibility that inappropriate information may be used to make a decision about a client.

6.2 TELUS International shall update personal information about clients as and when necessary to fulfill the identified purposes or upon notification by the individual.

Security Safeguards and Onward Transfer

TELUS International shall protect personal information by security safeguards appropriate to the sensitivity of the information.

7.1 TELUS International shall protect personal information against such risks as loss or theft, unauthorized access, disclosure, copying, use, modification or destruction, through appropriate security measures. TELUS International shall protect the information regardless of the format in which it is held.

7.2 TELUS International shall protect personal information disclosed to third parties by contractual agreements stipulating the confidentiality of the information and the purposes for which it is to be used.

7.3 All TELUS International employees with access to personal information shall be required to respect the confidentiality of that information.

7.4 Where TELUS International transfers personal information to a third party that is acting as an agent or service provider, prior to the transfer TELUS International will enter into a written agreement with the third party requiring that the third party provide at least the same level of privacy protection as is required by the EU-US Privacy Shield and US-Swiss Privacy Shield Principles.

7.5 TELUS International will also provide that the third party may not use the information for any purpose other than the delivery of services to TELUS International.

7.6 Pursuant to the Privacy Shield Frameworks we are obliged to inform EU and Swiss individuals that we may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.

7.7 In cases of onward transfer to third parties of data of EU and Swiss individuals received pursuant to the EU-US Privacy Shield and Swiss-U.S. Privacy Shield, TELUS International is potentially liable.

Openness Concerning Policies and Practices

TELUS International shall make readily available to clients specific information about its policies and practices relating to the management of personal information.

8.1 TELUS International shall make information about its policies and practices easy to understand, including:

  1. the means of gaining access to personal information held by TELUS International
  2. a description of the type of personal information held by TELUS International, including a general account of its use

8.2 TELUS International shall make available information to help clients exercise choices regarding the use of their personal information and the privacy-enhancing services available from TELUS International.

Access to Personal Information

TELUS International acknowledges the right of EU and Swiss individuals to access their personal data pursuant to the Privacy Shield and shall inform a client of the existence, use, and disclosure of his or her personal information upon request and shall give the individual access to that information. A client shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.

9.1 Upon request to TI.Privacy.Office@telusinternational.com, TELUS International shall afford clients a reasonable opportunity to review the personal information in the individual’s file. Personal information shall be provided in understandable form within a reasonable time, and at minimal or no cost to the individual.

9.2 In certain situations, TELUS International may not be able to provide access to all the personal information that it holds about a client. For example, TELUS International may not provide access to information if doing so would likely reveal personal information about a third party or could reasonably be expected to threaten the life or security of another individual. Also, TELUS International may not provide access to information if disclosure would reveal confidential commercial information, if the information is protected by solicitor – client privilege, if the information was generated in the course of a formal dispute resolution process, or if the information was collected in relation to the investigation of a breach of an agreement or a contravention of a federal, provincial or state law. If access to personal information cannot be provided, TELUS International shall provide the reasons for denying access upon request.

9.3 Upon request, TELUS International shall provide an account of the use and disclosure of personal information and, where reasonably possible, shall state the source of the information.

9.4 In order to safeguard personal information, a client may be required to provide sufficient identification information to permit TELUS International to account for the existence, use and disclosure of personal information and to authorize access to the individual’s file. Any such information shall be used only for this purpose.

9.5 TELUS International shall promptly correct or complete any personal information found to be inaccurate or incomplete. Any unresolved differences as to accuracy or completeness shall be noted in the individual’s file. Where appropriate, TELUS International shall transmit to third parties having access to the personal information in question any amended information or the existence of any unresolved differences.

Challenging Compliance

TELUS International uses a self-assessment approach to assure compliance with the principles of EU-US Privacy Shield and US-Swiss Privacy Shield and periodically verifies that the policy is accurate, comprehensive for the information intended to be covered, prominently displayed, implemented and accessible and in conformity with the requirements. A client may submit any questions, complaints or disputes concerning TELUS International’s compliance with the above principles to the TELUS International contact identified in section 1.2 of this Policy.

TELUS International will investigate and attempt to resolve complaints and disputes regarding use and disclosure personal information in accordance with the principles of EU-US Privacy Shield and US-Swiss Privacy Shield. With respect to any complaints related to this Policy that cannot be resolved through TELUS International’s internal processes, TELUS International shall cooperate in an independent dispute resolution process to resolve such disputes through the BBB EU PRIVACY SHIELD PROGRAM.

10.1 TELUS International shall maintain procedures for addressing and responding to all inquiries or complaints from its clients about TELUS International’s handling of personal information.

10.2 The person or persons accountable for compliance with this Policy may seek external advice where appropriate before providing a final response to individual complaints.

10.3 TELUS International shall investigate all complaints concerning TELUS International’s compliance with the principles of EU-US Privacy Shield and US-Swiss Privacy Shield. If a complaint is found to be justified, TELUS International shall take appropriate measures to resolve the complaint including, if necessary, amending its policies and procedures. A client shall be informed of the outcome of the investigation regarding his or her complaint. With respect to any complaints relating to EU-US Privacy Shield and US-Swiss Privacy Shield compliance that cannot be resolved through TELUS International’s internal processes, TELUS International has agreed to participate in the independent dispute resolution procedures set forth by the BBB EU PRIVACY SHIELD PROGRAM.