First and foremost
Telesign is committed to protecting your privacy and keeping your personally identifiable information (“Personal Data”) secure. The term Personal Data shall be used throughout this Privacy Notice as the common term for personal information or personally identifiable information (aka, “PII”). In particular, this Privacy Notice has been updated to align with applicable privacy and data protection requirements including but not limited to the European Union’s (“EU”) General Data Protection Regulation (“GDPR”), California Consumer Privacy Act (“CCPA”), Brazilian Lei General de Protecao de Dados (“LGPD”), Canadian Personal Information Protection and Electronic Documents Act (“PIPEDA”), Chinese Personal Information Protection Law (“PIPL”), Singaporean Personal Data Protection Act (“PDPA”) and Serbian Law on Personal Data Protection (“ZZPL”) (“Applicable Law”).
This Privacy Notice describes how Telesign collects, uses, shares and retains Personal Data, what choices you have with respect to your Personal Data, and how we keep it secure. We aim to be fully transparent in this Privacy Notice by describing our privacy practices in simple, easy-to-understand language, and giving you control over your Personal Data that you have entrusted us with. We will work hard to maintain your trust in us by being honest and direct when it comes to your Personal Data. Your trust is our top priority and by helping you understand our Privacy Notice, we intend to open the way to better communications and service.
This Privacy Notice applies to Telesign’s products and services (“Services”), including www.telesign.com, portals customers use to access Telesign Services (“CustomerPortals”), Telesign websites (“Websites”) and other interactions through third-party applications on behalf of Telesign (e.g. customer service inquiries, user conferences, job applications, surveys, vendor ethical and compliance training, PR training about Telesign, etc.) you may have with Telesign. In this Privacy Notice, the words “you” and “your” refer to the individual interacting with Telesign, as well as our Customer’s end user. By continuing to use our Websites and Services, you acknowledge and consent to the practices described in this Privacy Notice, including the latest updates.
Our business may change from time to time. As a result, at times it may be necessary for Telesign to make changes to this Privacy Notice so please check this page occasionally to ensure that you are happy with any changes before you provide any Personal Data. We will announce any material changes to this Privacy Notice via channels appropriate to our relationship with you. This Privacy Notice was last updated in December 2021 and shall be updated at least annually.
We are Telesign
. . . a world leader in Digital Identity and Programmable Communications, based in Los Angeles, California. Telesign connects, protects and defends companies, customers and the digital interactions between them. With powerful AI that delivers identity with speed, accuracy and global reach, we enable Continuous Trust. Empowering companies to transact, communicate and engage with their customers free of fear, Telesign helps makes the promise of the digital economy possible.
Data Processor (a.k.a.Service Provider under CCPA)
For the most part, we are a “Data Processor” whereby we process PersonalData that we receive from organizations (TeleSign’s “Customers”) for the provision of our Services. Customers receive Personal Data from you, the data subject, or from certain third parties, and we process this Personal Data on our Customers’ instructions.
Data Controller (a.k.a. Covered Business under CCPA)
In some cases (e.g. in the case of our Websites and Customer Portals), we are a “Data Controller” for the Personal Data that you, the data subject, give to us directly. That is when we determine the purposes and means of processing the Personal Data you provide.
However, regardless of whether we are a Data Controller or a Data Processor, Telesign believes you – not us – have control over your Personal Data and you can access, manage and delete it, as described in this Privacy Notice.
How do we collect personal data
As a Data Processor, we receive your Personal Data from our Customers. We process your Personal Data at our Customer’s direction through their use of our Services which are governed by contracts.
As a Data Controller, we collect Personal Data to provide the best possible experience, for example when you utilize our Websites or Customer Portals, when you contact us about our Services, or, in provision of our Services to Customers, to determine characteristics about a phone number that are used for fraud detection, prevention and mitigation purposes.
We collect information in a variety of ways directly from you, when you:
- Correspond with us by phone or email
- Apply for a job or register to attend training
- Participate in surveys, evaluations and promotions
- Join an email mailing list
- Request support from our customer support team for Telesign Services
- Submit Personal Data through our Websites and Customer Portals or via Cookies
We also collect supplemental information from other sources, including:
- From Telesign’s Customers in provision of our Services to Customer
- From third parties, such as Telesign affiliates and partners, that have your permission to share your personal data with us
- From publicly available sources of information
- At conventions, trade events, and trade shows
What personal data do we collect
We collect the following categories of Personal Data:
Name, date of birth, postal address, unique personal identifiers, online identifiers, IP address, email address, username or account number, device identifiers, e.g. IMEI/IMSI
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
Telephone number, education, employment, employment history
Records of products or services purchased
Internet or similar network activity
Browsing history, information on a consumer’s interaction with a website, application, or advertisement (“cookies”); marketing and contact preferences
Professional or employment-related information
Current or past job history or performance evaluations (employees only)
Inferences drawn from other personal information
Profile reflecting a person’s fraud risk score based on behavior and data intelligence.
We do not store or retain credit card information. For payments, we use third party payment processors who specialize in the secure online capture and processing of credit/debit card transactions.
Telesign does not knowingly collect Personal Data from children under the age of 13. If you are under the age of 13, please do not submit any Personal Data. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our Privacy Notice by instructing their children never to provide Personal Data without their permission. If you have reason to believe that a child under the age of 13 has provided Personal Data to Telesign, please Contact Us, and we will delete that information from our data bases in the earliest possible timeframe.
Why do we collect personal data
Telesign collects Personal Data to provide outstanding customer service, operate the Services we provide to Customers, for marketing of our Services, to detect, prevent, mitigate and investigate fraudulent or illegal activities.
As a Data Processor, we collect and use your Personal Data in accordance with the contractual obligations we have with our Customers. As a Data Controller, we collect and use your Personal Data only when you have provided us with your consent, or where there exists a legitimate interest to process such Personal Data in order to develop solutions that prevent fraudulent and illegal behaviors in provision of our Services to Customers.
We may process your Personal Data for one or more of the following business purposes:
- To provide you with information, goods, or services
- To improve and enhance services
- To conduct research and maintain statistics
- To send you SMS / text messages or make voice calls to you that contain alerts, reminders, notifications or one-time passcodes
- To send you SMS / text messages or make voice calls to you for automatic verification and power private two-way communications on digital platforms owned by our Customers
- To provide data intelligence and/or fraud risk assessment about your phone number to our Customers. Data intelligence includes device information, SIM swap detection, subscriber status, contact information, location, risk score, etc., in order to strengthen authentications, evaluate fraud risks, prevent fraudulent behaviors and enhance the user experience. Our Customers obtain your consent for use of your Personal Data in these data services that we provide.
For the purposes of the CCPA, we may use or communicate your Personal Data for valuable consideration for the following business purposes:
- To promote and market Telesign’s services
- To detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity
- To provide you with information regarding your account and the Telesign Services. Collecting your personal information enables us to better understand your needs and interests, improves our service, and personalize communications.
We may analyze your Personal Data to create a profile of your interests and preferences so that we can contact you with information relevant to you. We may make use of additional information about you when it is available from external sources to help us do this effectively. Where this is the case, we ensure that such external sources have a lawful basis for processing and sharing your Personal Data. We may also use your Personal Data for the legitimate interest of detecting, mitigating and preventing fraud in provision of our Services to Customers.
Who do we share personal data with
Unless you give us your permission, we will not share your information with third parties for marketing purposes or any other unauthorized business purpose.
Personal Data may be shared with the following trusted third-party service providers who require the Personal Data to perform their work on Telesign’s behalf:
- anti-fraud services providers;
- email, data and SMS/Voice communications providers;
- cloud storage providers;
- marketing analytics providers;
- customer relationship management providers,
- learning management system providers, and
- payment processing services providers.
These third party service providers are authorized to use the Personal Data only as necessary to provide their services. Telesign takes appropriate steps to ensure that these third party service providers protect your Personal Data, such as by signing data processing agreements with them and assessing their security measures. Telesign may also share the Personal Data with its affiliates and will only use the Personal Data as described in this notice. Additionally, your Personal Data may be disclosed as required by law and when we have reason to believe that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
Links to other websites
Our Websites include links to other sites whose privacy practices may differ from ours. If you submit Personal Data to any of those sites, their use of your information is governed by their respective privacy policies.
Your privacy rights and choices
As a Data Controller (a.k.a. Covered Business under CCPA), for Personal Data that Telesign receives from you directly, you have the following rights:
- The Right to Transparency: You have the right to be informed about our privacy and data protection practices in this Privacy Notice.
- The Right to Access/Disclosure: You have the right to know about the specific pieces of Personal Data we have about you, and we will provide you with what we have upon request.
- The Right to Rectification: If your Personal Data is incorrect or incomplete, you have the right to ask us to update it.
- The Right to Object: You have the right to object to or ask us to restrict the processing of your Personal Data.
- The Right to Data Portability: You have the right to receive your Personal Data in a structured, commonly used, portable format.
- The Right to Withdraw Consent/CCPA’s ”Do Not Sell My Personal Information”: At any time, you can opt-out of processing or having your Personal Data sold by contacting us.
- The Right to Delete (GDPR’s “RTBF”): You have the right to request to delete your Personal Data and we will honor it to the extent that it is no longer necessary for any Services contracted by our Customer or required for our legitimate business purposes, legal or contractual record keeping requirements.
All of your rights above can be exercised by contacting us using the details specified below in the Contact Us
As a Data Processor, we provide customer identity and engagement solutions to our Customers that involve the processing of Personal Data, including mobile phone numbers, on their behalf. Inquiries relating to Personal Data that we process through our Services on behalf of our Customers will be directed to our Customers by Telesign’s Privacy team.
You can visit our Websites without providing any Personal Data. If you choose not to provide any Personal Data, you may not be able to use certain features of our Websites.
Our Websites offer publicly accessible blogs. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. To request removal of your Personal Data from our blogs, please Contact Us
We will not contact you for marketing purposes by email, phone, post or text message unless you have given your prior consent to us or any of the third parties we may engage for such purposes. At any time, you can change your marketing preferences by Contacting Us
Data security and retention
The security of your Personal Data and our Customers’ confidential information is important to us. We maintain a comprehensive information security program designed to ensure the security of your Personal Data by implementing physical, technical, and administrative measures and safeguards.
We follow best practices and generally accepted standards to store and protect the Personal Data we collect, both during transmission and once received and stored, including utilization of encryption where appropriate. For Personal Data collected or received over unsecured Internet channels, we encrypt the transmission of that information using secure socket layer technology (SSL/TLS).
Our Privacy and Security Teams regularly review our security and privacy practices and enhance them as necessary to help ensure the integrity of our systems and security of your Personal Data. Nonetheless, security vulnerabilities are continually evolving which means that no security measures can guarantee absolute security, but we will use reasonable efforts to prevent the accidental or unlawful loss, misuse or alteration of your Personal Data.
We review our data retention periods for Personal Data on a regular basis. We are legally required to hold some types of information for certain periods to fulfill our legal and statutory obligations. Outside of these obligations, we will hold your Personal Data in our systems for as long as is necessary to provide the Services you have requested or our Customer has contracted for, and thereafter for a variety of legitimate legal or business purposes. These might include retention periods:
- mandated by law, contract or similar obligations that apply to our business operations;
- for preserving, resolving (customer support), defending or enforcing our legal/contractual rights; or
- as needed to maintain adequate and accurate business and financial records (billing purposes).
We take steps to destroy or permanently de-identify Personal Data once it is no longer needed. In some cases, we choose to retain usage information in a depersonalized or anonymized form. If Personal Data is anonymized, so that you can no longer be identified, the information ceases to be Personal Data and will not be subject to our regular retention policies or subject to the exercise of your rights and choices as outlined above.
International data transfers
Personal Data provided to Telesign may be transferred to, accessed from and otherwise processed in the United States, the European Union, the United Kingdom, Serbia and any other country in which Telesign or its affiliates/trusted third party service providers operate facilities. By submitting your Personal Data, you are agreeing to this transfer, storing or processing by Telesign and between Telesign and affiliates/trusted third party service providers. When we transfer your information internationally, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as required by the Applicable Law, and as outlined in this Privacy Notice.
For international transfers outside of the European Economic Area, Telesign offers EU Model Clauses, also known as Standard Contractual Clauses, and Data Processing Agreements to meet the adequacy and security requirements for our Customers that operate in the EU.
You have a choice about whether or not you wish to receive information from us. If you do not want to receive direct marketing communications from us about the vital work we do and/or our Services, then you may (i) choose not to submit any Personal Data to us; or (ii) access the unsubscribe option within the Telesign email communication; or (iii) unsubscribe via this email address: [email protected].
If you wish to exercise any of your privacy rights, have any questions or comments about our Privacy Notice, our practices or our Services, or wish to lodge a concern or complaint, please contact us at:
1 800 850 3485
13274 Fiji Way Suite 600, Marina del Rey CA 90292, USA
To communicate with our Data Protection Officer, please email [email protected].
To communicate with our Legal Team regarding law enforcement requests, please email [email protected].
We will respond to all requests, inquiries, or concerns promptly upon becoming aware but in any case, within thirty (30) days.
You also have the right to lodge a complaint with a data protection authority in your country of residence if you consider that Telesign’s processing of your Personal Data infringes Applicable Data Protection Law.
For exercise of your privacy rights in China, the DPO contact shall be Telesign’s DPO as outlined above. Please note, such contact information may change once a more permanent DPO is appointed for Telesign in China. This Notice will be updated to take note of any such changes.
As Telesign is not primarily established in the European Union, we have appointed a representative in the Netherlands (our “EU Representative”). If you are located in the European Union, or Iceland, Liechtenstein or Norway, you may address the EU Representative to raise any queries you may have relating to Telesign’s processing of your Personal Data and/or this Privacy Notice more generally.
Our EU Representative is Telesign Netherlands B.V. and the email address by which to contact them is [email protected].