Customer Privacy Policy

Your privacy is important to us

Your privacy is important to us

TELUS International is in the business of delivering solutions that enable our Customers to meet their strategic goals. We offer business process and IT outsourcing solutions, along with advisory services. Core to our commitment to putting Customers first is to ensure that Customer Personal Information that our Customers entrust to us, including sensitive personal information, is safeguarded, and that the privacy of our Customers’ End Users is respected.

Introduction

TELUS International’s privacy practices are developed in accordance with applicable legislation relating to privacy and information security, which may include, but is not limited to the Personal Information Protection and Electronic Documents Act (“PIPEDA“), the EU General Data Protection Regulation (Regulation (EU) 2016/679), as nationally implemented, supplemented, amended and replaced from time to time (“GDPR“), the Health Insurance Portability and Accountability Act of 1996 (“HIPAA“), the Children’s Online Privacy Protection Act of 1998 (“COPPA“), the Video Privacy Protection Act of 1988, the Cable Television Protection and Competition Act of 1992, the Fair Credit Reporting Act (“FCRA“), the Philippine Data Privacy Act of 2012, and a variety of provincial and state privacy laws, all together the “Applicable Privacy Laws“.

TELUS International is committed to ensuring that our privacy management practices comply with the Applicable Privacy Laws as well as with our contractual commitments, which commitments may include assisting our Customers with their own privacy compliance requirements. Our commitment to our Customers is that we will work with them to protect privacy in all our service offerings.

This TELUS International Customer Privacy Policy (this “Privacy Policy“) outlines the responsibilities of TELUS International and its subsidiaries (collectively “TELUS International” or “we“) concerning the protection of Personal Information entrusted to TELUS International by our Customers.


For the purpose of this Privacy Policy the following terms shall have the following meanings. Terms defined elsewhere in this Privacy Policy shall have those meanings.

Customer means a customer or potential customer of TELUS International who is a business, enterprise, sole proprietor or other organization.

Customer Personal Information has the meaning given to it in the “What Personal Information Do We Collect?” section below.

End User means users of Customers’ products or services, or clients, customers or patients of Customers.

Personal Information means any information relating to an identified or identifiable natural person.

Privacy Shield: Refers to the EU-U.S. Privacy Shield Framework which was designed by the U.S. Department of Commerce and the European Commission, respectively, to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union to the United States in support of transatlantic commerce.


This Privacy Policy applies to Customer Personal Information that is in TELUS International’s custody for the purposes of providing services to the Customer. It includes Customer Personal Information that is in the possession of service providers who have been contracted to provide services on TELUS International’s behalf.

The application of this Privacy Policy is subject to the requirements or provisions of any applicable legislation, regulations, agreements or the ruling of any court or other lawful authority.

All TELUS International employees, contractors and agents with access to Customer Personal Information are required to comply with this Privacy Policy.


In order to provide services to Customers, we collect and process the following Personal Information (“Customer Personal Information”):

1) Customer Contact Information

This is Personal Information that we collect from Customer representatives at various stages of our relationship with Customers, such as when Customers approach us to find out information about our services, and when we continue to work with Customers to provide tailored solutions to their requirements. Such Personal Information consists of, amongst others:

  • names;
  • email addresses;
  • mailing addresses;
  • telephone numbers;
  • information for account administration (such as usernames and passwords);
  • IP addresses; and
  • financial information (such as payment information, credit card information, including bank account names and details)

2) End User Information

This is Personal Information that relates to End Users and which is entrusted to TELUS International by Customers in order for TELUS International to provide services to Customers which may be used by or otherwise affect the End Users. Such Personal Information consists of amongst others:

  • names;
  • email addresses;
  • mailing addresses;
  • telephone numbers;
  • information for account administration (such as usernames and passwords);
  • IP addresses;
  • behavioural information (such as interactions, preferences, habits, feedback, needs and problems);
  • financial information (such as credit card numbers, bank account names and details and account histories); and
  • special categories of data (such as personal health information and other health data).

We use Customer Personal Information for the following purposes:
  • to communicate with Customers throughout their relationship with TELUS International;
  • to understand Customer and End User needs and preferences;
  • to provide products and services that are tailored to Customers’ and End Users’ requirements;
  • to ensure that our products and services continue to be responsive to Customers’ and End Users’ requirements, including by providing technical support and training, and improve functionality;
  • to investigate and resolve incidents and Customer or End User complaints;
  • to bill Customers and process Customer payments;
  • to promote or sell products or services to Customers and End Users, in accordance with any applicable marketing or telemarketing legislation;
  • to further our business objectives, such as to perform data analysis, audits, fraud monitoring and prevention, to enhance, improve or modify our services, to identify usage trends, to determine the effectiveness of our promotional campaigns and to operate and expand our business activities;
  • to meet any regulatory or legal requirements; and
  • to write or modify software applications and computer code, either for TELUS International or on behalf of TELUS International Customers;

1) Third Party Service Providers

We may disclose Customer Personal Information to certain service providers that we use to provide us with services, such as information technology services, payment processing services, SAAS-based financial applications, legal, accounting, consulting, auditing and related services.

We may also subcontract certain of our services to subcontractors, subject to the terms of our contracts with Customers.

Where we enter into a relationship with any service provider or subcontractor, we will have contracts in place with such service provider or subcontractor, in order to ensure that Customer Personal Information is protected in accordance with Applicable Privacy Laws.

2) Group Companies

We may disclose some Customer Personal Information between two or more of our group companies; including companies in other countries, inside or outside the European Union, in order to ensure that we are dedicating the appropriate group resources to Customer requirements, as well as for certain of our business purposes, such as for internal record keeping, accounting and regulatory compliance.

3) Corporate Transactions or Events

We may disclose Customer Personal Information to third parties in connection with a corporate reorganization, merger, restructuring, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock, including in connection with any litigation, bankruptcy, insolvency or similar proceedings.

4) Legal Obligations

There may be certain legal reasons for disclosing Customer Personal Information:

  • to enforce our terms and conditions and contracts with Customers
  • to protect our group operations and rights
  • to protect the rights and safety of our Customers and End Users
  • to comply with court orders, enforcement actions by regulators or any other legal proceedings
  • to pursue any remedies available to us or limit damages that we may suffer
  • to respond to requests from public and governmental authorities, including public and governmental authorities outside of Customers’ countries of establishment
  • to comply with any other relevant aspects of applicable laws from time to time, including applicable laws outside of Customers’ countries of establishment, inside or outside of the European Union

TELUS International complies with Applicable Privacy Laws when transferring Customer Personal Information to and from different countries.

For transfers of Customer Personal Information outside of the EU to a third country that does not afford an adequate level of protection of Personal Information according to the European Commission, TELUS International has appropriate safeguards in place, and such transfers are made on the condition that enforceable rights and remedies are available for individuals to which the Personal Information being transferred relates.

The appropriate safeguards that TELUS International has in place consist of standard contractual clauses that have been approved by the European Commission and Privacy Shield compliance. TELUS International’s Privacy Shield registration can be found on the Privacy Shield list here.


Our Accountability Commitment

TELUS International is responsible to our Customers for Customer Personal Information in TELUS International’s possession or custody, including information that has been transferred for processing by TELUS International to a service provider or a third party in the course of conducting TELUS International’s business.

TELUS International acts as a Data Processor (as such term is defined in the GDPR) for its Customers, which effectively means that it processes Customer Personal Information on behalf of its Customers in order to provide services to those Customers.

TELUS International acts as a Business Associate (as such term is defined in HIPAA) for certain of its Customers, which effectively means that it processes Personal Health Information on behalf of its HIPAA covered-entity Customers in order to provide services to those Customers.

Executive Responsibility

Protecting privacy is an integral part of our services and all members of TELUS International’s executive team have a responsibility to enable and oversee operational compliance with TELUS International’s privacy policies and procedures within their own areas of responsibility, ensuring all business units are properly aware of and resourced to meet our privacy obligations.

Employee Accountability

As a core commitment of TELUS International, all members of the TELUS International team undergo mandatory annual privacy training to ensure their continued awareness of and compliance with applicable laws and our policies, including this Privacy Policy; we recognize that all employees play a role in earning and maintaining Customer trust and we undertake ongoing privacy awareness activities to create a culture of privacy at TELUS International.

Our Privacy Office

TELUS International has created a Privacy Office which is responsible for maintaining an accountable privacy management program specifically designed to protect the privacy of our Customers, and for setting policies and procedures to earn and maintain our Customers’ trust in our data handling practices.

TELUS International has appointed Data Protection Officers to oversee data privacy compliance in its Philippine and European Union operations and interface with the TELUS International Privacy Office. They may be contacted at:

For The Philippines: Glenda Lim, DPO.PH@telusinternational.com

For the EU: Daiann Irigoyen, DPO.EU@telusinternational.com


As TELUS International does not have a direct relationship with all of the End Users or all relevant employees, workers or representatives of its Customers, TELUS International requires that every Customer obtain any necessary consents or other authorisations required under Applicable Privacy Laws, so that TELUS International may collect, use and disclose Customer Personal Information for the purposes set out in this Privacy Policy on behalf of the Customer.


TELUS International uses cookies to understand how a Customer interacts with our websites, communications, services and selected third party websites, primarily with the aim of improving the user experience. We use cookies in a limited manner and only for purposes consistent with this Privacy Policy. For more information, please refer to our Cookies Notice.


We want to be transparent with our Customers about the purposes for which we collect and use Customer Personal Information. TELUS International receives Customer Personal Information from its Customers and End Users and collects Customer Personal Information from other entities or individuals on behalf of its Customers. We limit the collection of Customer and End User Personal Information to that which is necessary to fulfil the purposes identified herein and in accordance with the contractual agreement with the Customer. TELUS International requires its Customers to share Customer and End User Personal Information with TELUS International only to the extent that such information is lawfully obtained and necessary and sufficient for the purposes identified in this Privacy Policy and any contractual agreement.

TELUS International does not use Customer Personal Information for purposes other than as set out in this Privacy Policy and in accordance with the contractual agreement with the Customer, except as otherwise required or permitted by applicable law.


TELUS International has a policy respecting records retention and an associated retention schedule and will keep Customer Personal Information only as long as it remains necessary or relevant for the purposes of providing services to Customers and in accordance with the terms and conditions of the contractual agreement with the Customer, unless longer retention is otherwise required to meet legal or regulatory requirements.


TELUS International does not verify the accuracy of Customer Personal Information when it is received from a Customer. TELUS International relies on its Customers to ensure the accuracy and completeness of the Customer and End User Personal Information that has been supplied to TELUS International for the identified purposes and in order for TELUS International to perform services for its Customers.

TELUS International will take reasonable steps to maintain the integrity of the Customer Personal Information, and will ensure that appropriate safeguards are in place to protect any Customer Personal Information in its custody (see next section for further information).


TELUS International maintains an information security governance program to protect Customer Personal Information.

TELUS International, in compliance with its security policy, employs security measures appropriate to the sensitivity of the information in an effort to protect Customer Personal Information against such risks as loss or theft, unauthorized access, disclosure, copying, use, modification or destruction.  TELUS International maintains security certifications including PCI-DSS 3.0., SSAE16 SOC1 and SOC2 as part of its governance program.

TELUS International’s security measures include but are not limited to the following:

  • using appropriate administrative, physical and technical security controls designed to prevent and detect unauthorized access to Customer Personal Information;
  • employing encryption for data at rest and in transit, tokenization, de-identification and other mechanisms to protect Customer Personal Information as appropriate;
  • limiting access to Customer Personal Information to a need-to-know basis and applying the principles of least privilege and role-based access control
  • requiring secure disposal of any media containing Customer Personal Information;
  • prohibiting the use of Customer Personal Information in non-production or demonstration environments except with the express consent of the Customer;
  • implementing a Secure by Design methodology in our work processes;
  • identifying and assessing reasonably foreseeable risks to the integrity, confidentiality or availability of Customer Personal Information that we hold and taking reasonable steps to mitigate those risks through the implementation of safeguards;
  • regular testing of our safeguards and our overall security program.

TELUS International protects Customer Personal Information shared with service providers by employing contractual or other means in an effort to ensure that any such service provider will provide a comparable level of protection while Customer Personal Information is being processed by that service provider.

TELUS International employment agreements include contractual provisions for the safeguarding and proper usage of confidential information (including Customer Personal Information) accessible to our employees in the course of their employment. TELUS International takes appropriate disciplinary measures where necessary to enforce this Privacy Policy.


TELUS International strives to make information about its policies and practices accessible and easy to understand; this Privacy Policy is available on our privacy page at https://telusinternational.com/privacypolicy.


Unless we specifically contract to do so as part of the provision of services to a Customer, TELUS International will not generally respond directly to access requests or inquiries of End Users. We will instead make reasonable efforts to direct inquiries and access requests made by End Users to the appropriate Customer.

Customers should advise End Users to consult Customers’ own privacy policies to familiarise themselves with their rights under Applicable Privacy Laws.


TELUS International has developed a comprehensive incident readiness and response plan designed to identify the cause, extent and nature of an incident involving Customer Personal Information and to allow timely reporting to the Customer in accordance with Applicable Privacy Laws and our contractual terms.

TELUS International will provide reasonable assistance to our Customers to investigate and assist in the reporting of the incident to regulatory authorities or other required parties to prevent or minimise any loss or harm arising from such incident.

Cookie Policy

When you visit this website, we may send one or more cookies — a small text file containing a string of alphanumeric characters — to your computer that uniquely identifies your browser. A cookie may also convey information to us about how you use the website (e.g., the pages you view, the links you click, or your preferred browsing language), and allow us to provide a better web browsing experience to you over time. The cookies we send do not give us access to your computer or allow us to collect or process any personal information. You can adjust your web browser’s settings to detect or disable cookies if you prefer, but this may affect the use of this site.

For more information about how we use any information that you may provide because of the use of this site and the terms of our privacy policy, please read the terms of our privacy policy found here: https://telusinternational.com/privacypolicy. If you proceed to use this website, you consent to us using, from time to time, information that we collect through our website cookies subject to the terms of this cookie policy and our privacy policy.

Contacting Us

For the purposes of the GDPR, TELUS International shall be the data processor in respect of Customer Personal Information and the relevant Customer shall be the data controller.

TELUS International maintains procedures for addressing and responding to all inquiries or complaints about TELUS International’s handling of Personal Information. These can be forwarded on a confidential basis to our Privacy Office at TI.Privacy.Office@telusinternational.com.

TELUS International will investigate all complaints concerning compliance with this Privacy Policy. If a complaint is found to be justified, TELUS International will take appropriate measures to resolve the complaint including, if necessary, amending its policies and procedures.

Contact an outsourcing expert Contact an
outsourcing expert

Let us answer your questions, provide more details, or share our industry expertise.

Get in touch

Customer quote

In every interaction we have with TELUS International, they teach us something new about delivering great support. They teach us something new about our processes and capabilities, and how they can be improved.

Director, Enterprise Support
California-based tech giant