TELUS International Data Annotation Solutions Community Data Privacy Notice

TELUS International AI, Inc., and its affiliates are committed to protecting your privacy by maintaining the integrity and confidentiality of the personal data we collect from you in the context of our supplier engagement process and the fulfillment of your contractual relationship with us as a member of our community of translators, raters, testers and interpreters. This Privacy Notice describes how and why we, as controllers of your personal data, collect and process your personal data, including how we may use this personal data in the supplier engagement process and, if you are engaged to provide services to us, in connection with that contractual relationship (the “Purpose”).

Except where otherwise stated, the term “TELUS International” (or “we” or “us”) means TELUS International AI, Inc., or, if you are engaged by one of its affiliates, that affiliate company. Each company within the TELUS International Data Annotation Solutions division is a “TELUS International Group Company” and all of them together are referred to collectively as “TELUS International Group Companies.”

This Privacy Notice applies to every independent contractor and consultant of each TELUS International Group Company and, where applicable, other classes of workers too.

What personal data do we collect from you or ask you to provide and when?

TELUS International may ask you to provide us your personal data primarily in two stages.

Firstly, as part of our supplier engagement process and, if you elect to become a member of our community by agreeing to enter into a contract for services with us, we may collect certain personal data such as the items listed below for the purpose of engaging you, setting up a profile for you, administering our contractual relationship with you, and meeting our regulatory obligations as explained in more detail in the Section “Legal Bases and Purposes for Processing your Personal Data” of this Privacy Notice.

IMPORTANT: This list is intended to be as complete and accurate as reasonably possible, but it is not exhaustive and may be updated from time to time in the manner described in “Updates to our Privacy Notice”.

Contract Data

  • Name
  • Nationality
  • Education
  • Employment History
  • Gender
  • Government ID
  • Home Address, including Street, District, City, Postal Code and County
  • Home Telephone Number and Mobile Number
  • Personal Email Address
  • IP Address
  • Contract Service Date (including contract status changes)
  • Tax Information
  • Contract Service Rates
  • Bank Information
  • Review of Services Records Performance Management Records
  • Local Community Member ID
  • Site Location
  • Service Types Offered
  • Technical Competencies
  • Association Memberships
  • Language Competencies
  • Subject Matter expertise (including education and related credentials)
  • First and Last Name (in English and local language)
  • Mobile Number

Once your profile has been set up in our system, you’ll have the ability to provide us with further Demographic data about yourself. This Demographic data is not mandatory for entering into a services relationship with TELUS International and you may update or remove it at any time by accessing the relevant section within our community management system. This data will be used for the purpose of identifying suitable opportunities for you to provide services to TELUS International and take part in specific projects or studies, as explained in more detail in the Section “Legal Bases and Purposes for Processing your Personal Data” of this Privacy Notice.

Demographic Data

  • Gender
  • Handedness
  • Age (year of birth)
  • Ethnicity
  • Skin tone

At a second stage, if you are invited to agree to provide your services in connection with a specific project or study, we will normally request further information from you, including personal data, that, (often coupled with the data collected in the first stage), is necessary for the provision of the services to us or to our customers for the purposes of a particular study or project (“Work Product Data”). The specific types of personal data collected will depend on the specific project or study in which you agree to participate and may include, for instance, images, videos, or voice recordings of you and/or samples of your handwriting.

For certain projects, you may be asked to explicitly consent to provide further data that may include special categories of data for a specific study, such as data revealing racial or ethnic origin, genetic data and biometric data, and health data, as well as information about your social media profiles; this data will be collected, used and provided to the customer for the purposes of a particular study or project. Any consent form will make clear what personal data is being requested and the purposes for which the personal data is sought.

Moreover, where it is allowed by applicable laws, we may collect from you the personal data listed below for safety, security and access control purposes. We will inform you in an appropriate and timely manner if such data collection is taking place.

Security and Access Control Data

  • Date, time and location of access to the internet/online services using TELUS International devices, TELUS International’s customers’s devices, or through TELUS International systems (where appropriate)
  • Swipe Card Records (where appropriate)
  • CCTV Footage (where appropriate)
  • TELUS International System Communications (where appropriate)

Finally, when you browse TELUS International’s website, we automatically collect technical information, including personal data, about your visit to our website (“Cookies Data”), including, but not limited to, information about the device you are using to access our website, the IP address used to connect your computer to the internet and your browsing activity. For more information, please read the Section “Cookies and Other Data Tools” below.

Legal Bases and Purposes for Processing your Personal Data

We will process your personal data for the following purposes and on the following lawful bases:

Legal Basis

Entering into or Performance of a Contract with you

It is necessary to process your personal data in order to enter into and perform our obligations under our contract for services with you and to ensure that you are properly fulfilling your obligations to us. IMPORTANT: In the event that you do not wish to provide us with your personal data for these purposes, we will not be able to engage you to provide services.

Purposes

  • To set up your contributor profile in TELUS International’ systems.
  • To enable you to access and use TELUS International’s global technology network, if applicable to the services you are performing.
  • To carry out obligations under our contracts for services. This includes processing your personal data in order to make contractual payments due to you under your contract for services.
  • For the purposes of communications relating to the services you are performing, including processing your personal data in connection with surveys, and instructions.
  • To review the quality of services you are supplying, including the services performed for the benefit of our customers including in the context of requested studies in which you agree to participate.
  • To manage the termination process when it comes to terminating your contract with us.

Categories of personal data

  • Contract Data
  • Work Product Data

Legal Basis

Legitimate Interests

We process your personal data on the basis that the processing is necessary for the purposes of TELUS International’s legitimate interests where we believe those interests are not overridden by your interests or fundamental rights and freedoms. In the right hand column we identify examples of those legitimate interests. I.

Purposes

  • To efficiently manage and administer our supplier engagement process. (We may also seek your consent for the provision of certain personal data, especially Background Data in the conduct of our supplier engagement process. The purposes for which the data will be processed is made clear at the relevant time and the data subject has the right to withdraw consent).
  • To meet customer expectations regarding the skills, expertise and background of our contractors who may be performing services for their benefit.
  • To meet our obligations towards our customer in the context of a specific study in which you agreed to participate.
  • To ensure we meet the data integrity and accuracy expectations, of a specific study for which you agreed to provide your services to us or to our customers.
  • To maintain a global database of service providers
  • To prevent fraud or criminal activity, to ensure the security of our technology systems, architecture and networks, and the security of our premises, including by conducting background checks (where appropriate or required by our customers).
  • To provide for a centralized, global approach to the provision of technology services to our employees, suppliers and contractors, and enable employees, suppliers and contractors to interact with one another. This normally involves the hosting of your contact and e-mail information.
  • To meet our corporate and social responsibility objectives.
  • To investigate and address allegations of supplier misconduct or breach of contract in which you are involved.
  • To review the services you are performing.
  • To file legal proceedings; to investigate, establish, exercise or defend legal claims; and to settle legal claims to which you are a party.
  • To ensure TELUS International’s website functions in a proper and secure manner.

Categories of personal data

  • Contract Data
  • Work Product Data
  • Security and Access Control Data
  • Cookies Data

Legal Basis

Compliance with a Legal Obligation

It is necessary to process your personal data to comply with our legal and regulatory obligations.

Purposes

  • To comply with our legal and regulatory obligations, such as tax reporting.

Categories of personal data

  • Contract Data

Legal Basis

Consent

We seek your consent to collect Demographic data provided voluntarily by you.

Purposes

  • To evaluate suitable services opportunities for you

Categories of personal data

  • Demographic data

Legal Basis

Explicit Consent

We rely on your explicit consent to process limited types of personal data and only for limited purposes.

Purposes

  • To collect, process and provide to our customers certain special categories of data for the purposes of particular studies in which you agree to participate.
  • To use cookies that are not necessary for the functioning of the TELUS International’s websites, when you visit TELUS International websites.

Categories of personal data

  • Special categories of data
  • Cookies Data

Legal Basis

Defend, Establish or be a Party to Legal Claims

It might be necessary to process your personal data in order for us to establish, investigate, exercise or defend legal claims to which you are a party.

Purposes

  • To file legal proceedings
  • To investigate, establish, exercise or defend a legal claim
  • To settle legal claims

Categories of personal data

  • Special categories of data

Parties with whom we Share your Personal Data

By disclosing your personal data as part of our supplier engagement process and the fulfillment of a contractual relationship with TELUS International, you acknowledge that your personal data may be shared among TELUS International Group Companies and outside the TELUS International Group Companies with third parties, including customers who are the beneficiaries of the services you may perform (as described below):

Recipient

TELUS International Group Company

  • Authorized TELUS International and other TELUS International Group Company’s Corporate and subsidiary community management, operations and finance personnel

Third Party Service Providers

  • Financial institutions
  • Network providers
  • Service provider systems providing recruiting, reference checks, interview scheduling, application tracking, onboarding, payment and other services

Other Recipients

  • Agents of TELUS International
  • Prospective buyers and sellers of TELUS International assets (to facilitate the acquisition of TELUS International or TELUS International assets by a third party)
  • External advisors (e.g. lawyers, bankers, owners, accountants and auditors and financial institutions and service providers as necessary to protect TELUS International’s legitimate and legal interests)
  • Regulatory authorities and law enforcement agencies (where required pursuant to an applicable law, governmental or judicial order, law or regulation, or to protect the rights or property of TELUS International)
  • Customers of TELUS International (to facilitate the provision of services to customers)

We ensure that the third party to which your personal data is disclosed takes appropriate measures for the lawful and secure processing of your personal data in compliance with applicable data protection laws.

Please note that we will not disclose your personal data to any third party for the purposes of any direct marketing of products or services without your consent.

Monitoring:

We may on occasion, access and review your communications, both with TELUS International and with our customers, including the content of emails and your access to the internet, external websites and social media sites undertaken using TELUS International equipment or via a VPN, Citrix or similar communication from your home to our offices when you are using equipment loaned by TELUS International while fulfilling your obligations under the contract. This is not for prurient interest, nor is it undertaken in the usual course, but may be carried out in a proportionate manner for our legitimate interests and to comply with our legal duties. For example, monitoring may be required for the purposes of addressing customer concerns, investigating alleged supplier misconduct or breach of contract and protecting other parties, including TELUS International personnel from harassment, ensuring the security and proper use of our IT systems etc. In appropriate cases, monitoring may extend to deleted/archived materials and to searching the hard-drives of TELUS International-owned computer equipment. The product of all such monitoring may be used by us in legal proceedings including in any investigation into allegations of supplier misconduct or breach of contract. You should not therefore have an expectation of privacy and are advised not to use Company or customer-issued equipment for personal use. Monitoring will only be undertaken by a small group of authorized personnel and the data uncovered will be subject to the provisions of this policy.

Transfer of personal data outside Europe

(a) Transfers of your Personal Data

As a global company, TELUS International has implemented global privacy practices for processing personal data protected under various data protection laws. TELUS International stores and may share your personal data with other TELUS International Group Companies as well as with the above mentioned recipients some of whom may be located in countries outside the United Kingdom (“UK”) or the European Economic Area (“EEA”) (including for example the United States) that are not deemed to provide the same level of protection for personal data as the UK or the EEA. This may include community management, operations, human resources or finance personnel of other TELUS International Group Companies in jurisdictions different from the country where you perform your services. As described in clause (b) below, TELUS International has put in place appropriate safeguards to ensure that we transfer, process and store your personal data outside of the UK or the EEA in accordance with the requirements of the UK government or the EU Commission and the UK and EU General Data Protection Regulation (“GDPR”).

(b) Appropriate Safeguards

We only transfer your personal data outside the UK or the EEA where the UK government or the EU Commission has decided that the third country in question ensures an adequate level of protection in line with UK or EU data protection standards or there are appropriate safeguards in place to protect your personal data. For international transfers from the UK, EEA and Switzerland to a third country, we have entered into standard contractual clauses (SCC) as approved (and without amendment) by the EU Commission.

If you would like to find out more about the appropriate safeguards that we have in place to govern the transfer of your personal data you can contact us at TI.Privacy.Office@TELUSInternational.com.

Storing and Protection of Your Personal Data

If you are bidding to be a TELUS International contractor, or consultant, or if you have a contractual relationship with a TELUS International Group Company, your personal data is stored in a centralized database information system and/or other systems that are hosted on a secure server located in the United States. We and/or our third-party service providers will process, view and maintain your personal data in the United States. We have entered into appropriate terms of service with our third-party service providers which restrict access to personal data while stored in the United States.

The databases on which your personal data is stored have security features built into them and our third-party service providers who supply the relevant software regularly test these and have data recovery systems in place in the unlikely event of a crash. Third-party service providers’ personnel are not given access to your personal data. Only authorized personnel within the hiring, sourcing, recruiting, HR or legal teams within TELUS International (including managers and team leaders) can access the system. Their entry to the system is through individually-issued passwords and we have in place audit logs, encryption, intrusion detection software, anti-virus or malware protection and system integrity tools to further protect your data.

We use commercially reasonable organizational, technical and administrative procedures to protect against unauthorized or unlawful access, processing, disclosure, alteration, destruction or accidental loss of your personal data. We collect, process, and maintain your personal data in accordance with the practices described in this Privacy Notice, applicable TELUS International policies and applicable local legal and regulatory requirements.

Retention of Your Personal Data

We will retain your personal data as long as needed to fulfill the purposes for which the data was provided as described in this Privacy Notice and in accordance with TELUS International records retention policies and local laws and regulations. When your personal data is no longer needed, we will securely destroy it.

For instance, we will retain your Work Product Data for the duration of the specific study for which it was collected, even after you withdraw from the study, based on our legitimate interests to meet our obligations towards our customer and to ensure the efficient conduct, accuracy and integrity of the study. We have assessed that such processing is necessary for our legitimate interests and that the processing which we conduct does not adversely impact on your rights and fundamental freedoms.

Please note that in certain circumstances, we may be required to hold your data for a longer period, for example, if we are processing an ongoing claim or there is reason to believe that the law or a relevant regulator may reasonably in our view expect or require us to preserve your data.

In some cases, especially if litigation is envisaged we may retain contractual documentation for the relevant litigation limitation period; we may retain tax documentation for as long as applicable law requires in the relevant country; Background Data may be retained for 6-12 months after a contractor has been engaged in case there is a challenge to the onboarding process.

Data Breaches

While we make every effort to keep the personal data of our customers, contractors, consultants and workers secure, we cannot guarantee that no data breach will ever occur. It is absolutely essential and incumbent upon any person who provides services to TELUS International or to our customers, who becomes aware of any such breach, however minor and whether the breach has been caused by you, or by someone else, to bring this to the attention of TELUS International’s privacy team immediately. That way, we have the chance to remedy the situation as quickly as possible and to limit the damage that might otherwise be caused. We are under a duty to report a serious breach to the applicable regulator within a very short time span, normally 72 hours of becoming aware of the breach. Please retain any available evidence of the breach and provide that to the Privacy Team. In particular the Privacy team is likely to need to know what data has been disclosed, the circumstances of the breach and how widely the data has been disseminated, however please do not delay reporting breaches to the data protection officer if it will take time to ascertain this information. The contact details for the privacy team are set out below.

Your Rights in Relation to your Personal Data

We rely on you to provide accurate, complete and current personal data to us. The following table sets out your rights which, depending on applicable law, you may have to address any concerns or queries with us about the processing of your personal data. Please note that these rights are not absolute and are subject to certain exemptions under the GDPR and other data protection laws that may be applicable to you.

Right of Access: You are entitled to ascertain what type of personal data TELUS International holds about you and what we do with that information. You are also entitled to receive a copy of this information.

Right to Rectification: You have a right to have any inaccurate personal data which we hold about you updated or corrected.

Right to Restrict Use: You have a right to stop TELUS International from using your personal data in certain cases, including if you believe that the personal data we hold about you is inaccurate or our use of your information is unlawful. If you validly exercise this right, we will store your personal information and will not carry out any other processing until the issue is resolved.

Right to Object: Where we rely on legitimate interest to use your personal data, you have a right to object to this use. We will desist from processing your personal data unless we can demonstrate an overriding legitimate grounds for the continued processing of your personal data.

Right to Erasure: In certain circumstances, you may also have your personal data deleted, for example if you exercise your right to object (see above) and TELUS International does not have any overriding reason to process your personal data or if TELUS International no longer requires your personal data for the purposes set out in this Privacy Notice.

Right to Data Portability: If we are processing your personal data in order to perform your contract of services or if we are relying on consent to process your personal data, you may request us to provide you with your personal data which you have given us in a structured, commonly used and machine-readable format and you may request us to transmit your personal data directly to another controller where this is technically feasible.

Right to Object to Automated Decision-Making: You have a right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. TELUS International will not subject you to a decision based solely on automated processing, including profiling.

You can exercise any of these rights in respect of your personal data by contacting us at aicommunitysupport@telusinternational.ai

TELUS International will honor your requests to exercise these rights as required under applicable data protection rules and will usually, in response to a request, ask you to verify your identity and/or provide information that helps us to understand your request better. If we do not comply with your request, we will explain why.

If you are in the United Kingdom or the EEA, you also have the right to lodge a complaint with your supervisory authority if you are not satisfied with how we process your personal data. The relevant authority in the United Kingdom is the Information Commissioner's Office. You can also find a list of the data protection authorities in the EEA and their contact details at https://edpb.europa.eu/about-edpb/board/members_en. However, if you do have a complaint, we would appreciate the chance to deal with your concerns first, so please do contact us in the first instance.

Cookies and Other Data Tools

When you visit the TELUS International website or the website of our third-party service providers, we or our third-party service providers may collect information through the use of cookies or other data analytic tools. When you visit TELUS International’s website for the first time, we ask for your consent before using cookies that are not necessary for the functioning of the TELUS International website, while we give you the possibility to change your preferences at any time. For more information on these tools and how we use the information collected, please see our TELUS International Cookies Policy on TELUS International.com located at https://www.telusinternational.com/privacypolicy/.

Updates to Our Privacy Notice

We may update, amend or remove this Privacy Notice from time to time. When we update or amend this Privacy Notice, we will also update the date at the bottom of this Privacy Notice. Only the current Privacy Notice is effective, so please review it periodically. When we materially update or amend this Privacy Notice, we will notify you by posting a notice of such changes on this page before they take effect.

Contact TELUS International

EU and UK Data Protection law distinguishes a data controller, a “person” (which can be a company), who determines how and in what way personal data is processed, from a mere data processor, (for example a third party service provider), who or which processes any data it receives on the instructions of the data controller. For the purposes of this policy TELUS International is a controller. Our contact details are set out below.

If you have any questions or comments regarding this Privacy Notice or TELUS International’s privacy practices, or any concerns regarding a possible violation of this Privacy Notice, our practices or any applicable privacy law you can contact us at TI.Privacy.Office@TELUSInternational.com.

Updated June 2021

Appendix 1 U.K., EU and EEA TELUS International Group Companies

TELUS International (U.K.) Ltd. TELUS International Germany GmbH TELUS International AI Limited TELUS International AI (France) SAS TELUS International AI (Spain) S.L.U. (Sociedad Unipersonal) TELUS International AI Poland sp. z o.o. TELUS International AI (Denmark) ApS TELUS International AI Finland Oy TELUS International AI (Czech Republic) s.r.o.

Other TELUS International Group Companies

TELUS International AI Holdings, Inc. (U.S.) TELUS International AI Acquisition Inc. (U.S.) TELUS International AI Costa Rica Limitada TELUS International AI Japan KK TELUS International AI Korea Co., Ltd.