Privacy Policy

For the purposes of the EU General Data Protection Regulation (and the UK version thereof, collectively GDPR) and other applicable laws, TELUS Digital is the data controller for the collection and further processing of personal information that we collect through this website. The applicable TELUS Digital entity is the data controller for information collected offline. Further, TELUS Digital may share your information with its affiliates for purposes of fulfilling your requests. When we refer to TELUS Digital throughout this Privacy Policy, we refer to the relevant group entity/entities acting as the data processor and/or data controller.

TELUS Digital is the data processor with regard to the personal information that we process on behalf of our customers (“end user personal information”). Please see the section below Information We Collect in our Capacity as a Data Processor/Service Provider.

If you have questions or complaints regarding TELUS Digital’s handling of personal information, please contact TELUS Digital Privacy, Data and AI Governance at: [email protected].

You also may contact our DPO/DPO office in your region:

• Philippines and the rest of Asia, and Africa: [email protected]
• Europe, the UK, Canada, Brazil and other regions: [email protected]

If you need to access this Notice in a different form due to a disability you may contact us at the email address stated above.

If you are visually impaired, you may access this notice through your browser’s audio reader. You can also make this notice available on a large print out by clicking on the Print option available at one of the top corners of your website browser.

We collect information, including personal information, directly from you, from other persons, and automatically as you use our website and services (collectively, our “Services”). As a business-to-business company, the personal information that we collect in our capacity as a data controller is predominantly business contact information and information that we collect through our website, which we will refer to in this policy as “Business Contact” and “Website Visitor” information, as applicable. Business contact information may include information from our customers, suppliers, and other business contacts (whether current, former, or prospective).

Scope of Collected Information: The type of personal information that we collect from you depends on your relationship with us. We collect information when you request information from us (whether through our website, in person, over the phone, at a trade show, or otherwise), when you interact with our website, when you contact customer service, or when we interact with you as a customer. Specifically, we collect:

• contact information such as names; email addresses; mailing addresses; telephone numbers; job title and employer name;
• purchase history (for purchases made on behalf of the representative’s employer);
• attendance at events, if any;
• personal information that you provide to us when you contact us; and
• other personal information that we provide notice of and/or seek consent, where required by applicable law.

This Privacy Policy does not relate to any information that is collected by an App developed by a Telus Digital Group company or affiliate, unless otherwise stated.

Sources of Information

We may collect the above information directly from you, from your employer, and, where permitted by law, from lead generation or publicly available sources. We also may collect information about you, which may be classified as personal information, from service providers such as internet service providers, ad networks, and analytics providers.

Information Collected through Cookies and Other Tracking Technologies

When you visit the website, we and our service providers/processors may use cookies and other tracking technologies, including APIs (collectively, “cookies”) to automatically collect information about you and your visit to our website. A cookie is a small text file containing a string of alphanumeric characters that a website stores on your device that we can later retrieve. We may use cookies that last until you close your browser (“Session Cookies”) or cookies that last until they are deleted by you or your browser (“Persistent Cookies”). An API or application programming interface is a way for different software applications to interact and exchange data with each other without intervention from the end-user. APIs enable us to monitor and optimize campaigns in real time. By integrating APIs from advertising platforms, web analytics tools, and marketing automation systems, we can access real-time campaign data and make timely adjustments to optimize performance.

The information that we collect through cookies, which may be defined as personal information in the jurisdiction in which you reside, includes: the web address you came from or are going to, device model, operating system, the type of web browser, internet service provider/mobile carrier, unique identifiers, mobile network carrier, the duration of the visit, time zone and IP address, and additional information provided by the browser or device. Whether we collect some or all of this personal information depends on the type of device used, your device settings, and, where required by applicable law, whether you have provided to the consent of cookies that are not strictly necessary for the functioning of our website. To learn more about what information browsers or devices make available, please check the policies of your device manufacturer or software provider.

You stop or restrict the placement of cookies on your computer or remove them from your browser by clicking on Cookie Preferences by adjusting your web browser preferences or using certain browsers or tools as described below. As applicable, please note that blocking or deleting non-essential cookies may affect the website’s functionality.

We also may use cookies to administer the website, store your preferences for certain kinds of information, track your movements around the website, analyze trends and gather information about website visitors, to or make emails more useful or interesting (for example, we may receive a confirmation when you open or forward an e-mail from us, if your device or settings support such capabilities). Non-affiliated entities that we engage, including data analytics providers, social media providers, and ad networks also may collect data from you on our website through cookies.

Marketing Personal Data Validation and Enrichment

In certain limited circumstances, such as when a Website Visitor actively subscribes to a limited number of our Newsletters, we will provide your contact information to our service providers for them to validate the reliability of the contact details provided by using their own database to report on the number of matches (i.e. if the data subject still associated with the company that you have listed for them or if the email address is operative). Furthermore, our service providers will use their database to pre-populate online forms that Website Visitors might be filling out. We would only use these tools for enriching data of Data Subjects from whom we have directly collected Personal Data previously.

In Europe, we identify this process as legitimate interest based processing, and we give the right to object to all data subjects, nevertheless, consent is collected. In Canada and the rest of the World we identify this process as consent based processing, and we give the right to object to all data subjects.

The service provider we use for these purposes is ZoomInfo Technologies LLC.

Social Plugins

We use social plugins on the website, such as plugins for Facebook, LinkedIn, Twitter, and YouTube. If you click on the plugin, your browser will create a direct link to the other entity. Please visit the social media platform’s privacy policy for more information.

Embedded content

We have implemented the following kinds of third-party content on our website:

• YouTube videos (YouTube is operated by Google LLC, 1600 Amphitheatre Parkway in Mountain View, California), with the applicable Privacy Policy available here.
• Spotify podcasts (Spotify is operated by Spotify AB, Regeringsgatan 19, 111 53 Stockholm, Sweden), with the applicable Privacy Policy available here.

To be able to access the third-party content on our website, you first need to activate it by confirming via click that you wish to view the video in question/listen to the podcast in question.

If you chose to activate the third-party content on our website, your browser will create a direct link to the other entity which may allow this entity to collect your personal information. Please visit the respective platform’s privacy policy for more information.

To protect your privacy, we point this out to you before we display third-party content. You then have the option of having the content displayed by clicking on it, or to refrain from displaying the third-party content.

Ad Networks

We use ad network advertisers to serve advertisements on affiliated and non-affiliated website. This enables us and the ad network advertisers to target advertisements to you for products and services in which you might be interested. Ad network providers, advertisers, analytics providers and/or traffic measurement services may use cookies, JavaScript, web beacons (including clear GIFs), and other tracking technologies to measure the effectiveness of their ads and to personalize advertising content to you. These cookies and other technologies are governed by each entity’s specific privacy policy, not this one. We may provide these advertisers with information, including personal information, about you. Please refer to the Additional Information for Business Contacts and Website Visitors residing in the European Union (EU) or United Kingdom (UK) if you reside in the European Union (EU) or United Kingdom (UK).

We use service providers such as Google’s AdSense and AdWords to help us provide advertisements to you that are tailored to you based on interests that you have expressed on our website or elsewhere. Any advertisements served by Google, Inc., and affiliated companies may be controlled using cookies. These cookies allow Google to display ads based on your visits to this website. Any tracking done by Google through cookies and other mechanisms is subject to Google's own privacy policies. You may decide to disable Google cookies by clicking on: www.google.com/settings/ads/onweb/optout?hl=en. You can use Ads Settings to manage the Google ads you see and opt out of interest-based ads delivered by Google.

You can also control how participating ad networks use the personal information that they collect about your visits to our website, and those of third parties, in order to display more relevant targeted advertising to you. You can change your preferences at any time by clicking on Cookie Preferences. Please note that any choice with regards to cookie-based advertising only applies to the web browser and device through which you exercise that choice. If you delete your cookies, you may need to reapply your choices. Additionally, you will still continue to non-personalized ads even if you opt-out of personalized advertising. If you are a California resident, you also may click on the Do Not Sell or Share My Personal Information Link, which will limit the sharing and/or collection of certain of your information through cookies.

Speech Recognition and Body Position- WillowTree Vocable App

For the purposes of the EU General Data Protection Regulation (and the UK version thereof, collectively GDPR) and other applicable laws, WillowTree LLC is the data controller for the collection and further processing of personal information that we collect through our Vocable App.

Types of Data: Our Vocable App may collect body position data for the purpose of allowing users to navigate on-screen controls or interact with the services with face and head movements, as well as audio in order to allow you to convert speech into text and otherwise interact with the services.

Primary Purpose for Collection and Use of Data: We use audio information with your consent. We also have a legitimate interest in enabling our users to either interact with our services using voice only, or solely their head and face positioning, context depending

Health Data

In certain situations where a serious public health threat has been identified, we may collect information from guests, business contacts and other individuals accessing our facilities.In some jurisdictions we may be required by law, regulation, or governmental order to collect and retain information related to issues of public health and safety. We have a legitimate interest in protecting the health and safety of our employees and guests, and in complying with the laws of the jurisdictions in which we operate.

We use Business Contact information to:

• communicate with you about business customers and their relationship with TELUS Digital;
• understand business customer needs and preferences;
• provide products and services that are tailored to our customers’ and their end users’ requirements;
• endeavor to ensure that our products and services are responsive to our customers and their end users’ requirements;
• bill and process payments, which may include working with a non-affiliated payment processor;
• promote or sell products or services to business customers;
• further our business objectives, such as to perform data analysis and audits
• to enhance, improve or modify our services; to advertise, measure and determine the effectiveness of our promotional campaigns and to operate and expand our business activities;
• to safeguard and defend our rights, the rights of our customers, and the rights of other persons;
• meet any regulatory or legal requirements;
• where required by applicable law;
• facilitate a corporate reorganization, merger, restructuring, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock, including in connection with any litigation, bankruptcy, insolvency or similar proceedings; and
• such other purposes that we provide notice of and/or seek consent, where such notice or consent is required by applicable law.

We use Website Visitor Information to:

• to provide our website;
• to contact you and provide you with information that you have requested and deal with any matters arising as a result of that contact (including to provide our newsletter to you if you sign up for our newsletter and to make emails more useful or interesting);
• understand your needs and preferences;
• provide a website that is tailored to your requirements and preferences;
• ensure that our website continues to be responsive to your requirements and preferences;
• to record and evaluate the use of the website for targeted advertising;
• to enable you to recommend our website via social plugins or share information about our website with others;
• to enable you to access third-party content embedded on our website;
• to determine disruptions and to ensure the security of our systems, including the detection and tracing of (the attempt of) unauthorized access to our web servers;
• to safeguard and defend our rights; and
• meet any regulatory or legal requirements.

Please note that if you are a Business Contact or Website Visitor residing in Brazil or Canada, the tables below in the “Processing Purposes, Categories of Personal Information, Legal Bases (incl. Legitimate Interests) and Recipients” section of this Privacy Policy applying to data subjects in the EU and UK apply to the processing of your personal information as well.

In some countries, such as Canada, our legitimate interest in processing your data arises when we obtain your express or implied consent. Where Canadian law applies to our collection of personal information, by continuing to use our site and services you are acknowledging and consenting to the collection and use of information as described in this Policy

Providers/Processors: We disclose your personal information to service providers that we use to provide us with services, such as information technology services, client management services, payment processing services, SAAS-based financial applications, accounting, consulting, auditing and related services. We may also subcontract certain of our services to processors, to the extent permitted by law and contract with our customers. Where we enter into a relationship with any service provider or subcontractor for the processing of personal information, we will contractually require such vendors to take measures to protect your personal information in accordance with applicable privacy laws.

Group Companies: We may disclose your information, predominantly business contact information, to other members of the TELUS Digital Group for purposes of service provisioning and for certain compliance. A list of our group companies can be found here.

For the purpose of promoting engagement within TELUS Digital and TELUS Corporation, we may disclose your personal data to enhance our business operations and customer relationships. As a representative example, we may disclose contact details related to customer account relationships. This data enables us to create valuable synergies across our diverse business sectors and collaborate with TELUS Corporation to promote operational efficiency and cross-sell our services.

Advertising, Social Media & Analytics Providers: We share your personal information with advertising, social media and analytics providers for marketing, advertising and promotional purposes. For example, we may use your personal information, such as your email address, to send you news and newsletters, special offers, events, surveys, and promotions, or to otherwise contact you about services or information we think may interest you. We also use the personal information that we learn about you to assist us in advertising our products and services on non-affiliated websites and social media and to assist us in evaluating the success of our advertising campaigns on various platforms. Further information about the relevant advertising, social media and analytics providers can be found by clicking on Cookie Preferences.

Corporate Transactions or Events: We may disclose your personal information to other entities in connection with a corporate reorganization, merger, restructuring, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock, including in connection with any litigation, bankruptcy, insolvency or similar proceedings. These entities may include, without limitation, our advisors, government entities and law enforcement, prospective purchasers, and bidders.

Other unaffiliated third parties: We may ask if you would like us to share your information with other unaffiliated third parties who are not described elsewhere in this policy.

Legal Obligations: We will disclose your information where required or permitted by law, where we believe it is appropriate to do so. Representative examples include:

• to enforce our terms and conditions and contracts with you
• to protect our group operations and rights
• to protect the rights and safety of our customers and other persons
• to comply with court orders, enforcement actions by or any other legal proceedings
• to pursue any remedies available to us or limit damages that we may suffer
• to respond to requests from public and governmental authorities, including public and governmental authorities outside of your country of establishment
• to comply with any other relevant aspects of applicable laws from time to time, including applicable laws outside of your country of establishment

For these reasons, we may disclose your information to courts, government entities, legal advisors, law enforcement, and to other persons where we are required or permitted to make such a disclosure, such in response to a validly issued subpoena.

To Protect Us and Others: We share your information where we believe it is necessary to prevent or investigate a possible crime, such as fraud or identity theft; to enforce a contract; to protect the legal rights, products, services, or safety of you, us, our Group Companies, and their respective employees, clients, partners, agents, other users, or the public in general; to enforce our terms of use or this Notice; and to monitor and remediate security issues.

Aggregated Information: Where permitted by applicable law, we may disclose aggregated information for marketing, advertising, research, or any other purposes.

Some jurisdictions, such as countries within the EU, the UK, and Brazil, give you a right to make the following choices regarding your personal information:

Access to Your Personal Information: You may request access to your personal information or confirmation that we have and/or process information about you. In certain limited circumstances, you may also request to receive access to your data in a portable, machine-readable format.

Access to Information about Public and Private Entities, Residents of some jurisdictions,may request information about public and private entities with whom we have shared your personal information.

Changes to Your Personal Information: We rely on you to update and correct your personal information. You may ask us to correct information that is inaccurate or incomplete. Note that we may keep historical information in our backup files as permitted by law.

Deletion of Your Personal Information: You may request that we delete your personal information. If you are a resident of Brazil, you may also request the anonymization or blocking of unnecessary or excessive data or data processed in non-compliance with applicable law. Such If required by law, we will grant a request to delete, block, or anonymize information, as applicable, but you should note that in many situations, we must keep your personal information to comply with our legal obligations, resolve disputes, enforce our agreements, or for another business purposes.

Revocation of Consent: When we process your personal information based upon consent, you may revoke consent. Brazilians data subject may also specifically ask for the deletion of data processed on the basis of consent. Please note that if you refuse to provide your consent, or revoke your consent, for the processing of personal information, then we may no longer be able to provide you services. We may limit or deny your request to revoke consent if the law permits or requires us to do so, or if we are unable to adequately verify your identity.

Opt-out of Sales and Sharing: In some jurisdictions, you may have the right to opt out of the selling and sharing of your personal information for purposes of targeted advertising. We also honor your right to opt out of sales and sharing as signaled by a universal opt out signal or Global Privacy Control (“GPC”). To enable GPC, you can visit the Global Privacy Control page at https://globalprivacycontrol.org. If you download a supported browser or extension and exercise your privacy rights with GPC, we will turn off third-party advertising cookies on our website once our website detects a GPC signal. If you visit our website from a different device or from a different browser on the same device, you will need to opt-out, or use an opt-out preference signal, for that browser and/or device.

Not all the rights above are absolute, and they do not apply in all circumstances. We may limit or deny some requests because the law permits or requires us to. We will not discriminate against individuals who exercise their privacy rights under applicable law.

Verification Process. Where required by law, we will require you to prove your identity. We may verify your identity via email. Depending on your request, we may ask for information such as your name or other details.

Authorized Agents. Some jurisdictions allow you to designate someone as an authorized agent to submit requests and act on your behalf. Authorized agents will be required to provide proof of their authorization, and we may also require that the relevant consumer directly verify their identity and the authority of the authorized agent.

Business Contacts and Website Visitors may exercise the rights described above by contacting [email protected]. In addition, California residents may exercise their rights by contacting:

• [email protected]
• Completing an online request form by clicking this link.

If you are not satisfied with our response, and are in the European Union, United Kingdom or Switzerland, you may have a right to lodge a complaint with your local supervisory authority.

In adherence to the data minimization principle, TELUS Digital currently has a policy respecting records retention and an associated retention schedule. We will keep your personal information as long as it remains necessary or relevant for the purposes it is processed for, unless longer retention is otherwise required to meet legal or regulatory requirements. In determining how long we will retain personal information, we consider and review the following:

• Legal requirements on a country-by country basis
• Determination of processing activities and data category levels in order to determine appropriate retention periods.
• Implementation of data retention and schedule based on each type of data collected
• The duration of data usage by our teams
• Recommendations from external lawyers
• Commercial and trade secrecy considerations
• Evaluation of existing mechanisms and related procedures to understand the scope of personal data and retention-related requirements.
• Engagement of stakeholders within the Company to ensure the enforcement of policies.

For example, we will retain transactional data for as long as necessary to comply with our tax, accounting, and recordkeeping obligations. We also retain data as necessary to protect, defend or establish our rights, defend against potential claims, or comply with legal obligations.

TELUS Digital will make reasonable efforts to maintain the accuracy and integrity of your personal information in our custody.

TELUS Digital takes measures in an effort to safeguard the personal information in our possession. Please note that no measures are 100% secure.

In the event that we are required by law to inform you of a breach to your personal information we may notify you electronically, in writing, or by telephone, if permitted to do so by law.

We may collect personal information about end users in our capacity as a data processor on behalf of our business customers. When we act as a data processor, our business customer dictates the scope of personal information that we collect from or about end users and our use of that information. Our business customers may provide us with—or direct that we collect—the following information about end users: contact information; behavioral information (such as interactions, preferences, habits, feedback, needs and problems); voice recordings, images, videos; and other information of their choosing.

We use the personal information that we obtain from our business customers for the purpose for which it was provided, predominantly to fulfill the contractual obligation. We also use the end user personal information, where permitted by law and contract, for training purposes, trouble-shooting, to investigate and resolve issues and complaints, write or modify software applications. Where permitted by contract and law, we also may use the information (typically in the aggregate) to improve our products and services.

As permitted by our contract with our business customer and/or as required/permitted by law, we disclose end user personal information to service providers/subprocessors to assist in providing the services to our business customers; to law enforcement, regulators, advisors, and others, where we believe it necessary to protect our rights and interests, the rights and interests of our customers, or the rights and interests of any other person.

Unless we specifically contract to do so as part of the provision of services to a business customer, TELUS Digital will not generally respond directly to requests or inquiries from end users with regards to the processing of their personal information. We will instead make reasonable efforts to direct inquiries and rights requests made by end users to the appropriate business customer.

Under the California Consumer Privacy Act, as amended (“CCPA”), we are required to notify California residents about the personal information that we collect about them, whether online or offline, in our role as a Business (as defined under the CCPA) and how we handle their personal information, which, for this California Privacy Notice, is any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with you or your household (subject to certain exemptions under CCPA).

This section does not address or apply to information or practices that are not subject to the CCPA, such as:

• Publicly Available Information. Information that is lawfully made available from government records, information we have a reasonable basis to believe is lawfully made available to the general public by you or by widely distributed media, or by a person to whom you have disclosed the information and not restricted it to a specific audience.
• Deidentified Information. Information that is deidentified in accordance with applicable laws. Where we have committed to maintaining and using personal information in a deidentified form, we agree not to reidentify deidentified data except as permitted by applicable law.
• Aggregated Information. Information that relates to a group from which individual identities have been removed.
• Certain Health Information. Information governed by the Health Insurance Portability and Accountability Act or California Confidentiality of Medical Information Act.
• Activities Covered by the Fair Credit Reporting Act. This includes information we receive from consumer reporting agencies that are subject to the Fair Credit Reporting Act (e.g., information contained in background check reports we obtain as part of our vetting process).

This CA Privacy Notice also does not apply to the personal information we collect from job applicants for employment with TELUS and the Group Companies or our current or former employees, which are subject to different notices.

Categories of Personal Information that We Collect, Disclose, and Sell/Share. This CA Privacy Notice is directed to the scope of personal information that we collect about California residents in our capacity as a business, as defined under the CCPA, and not as a service provider. While our processing of personal information varies based upon our relationship and interactions with you, this CA Privacy Notice is focused on our collection and use of personal information from our non-contributor community. To the extent that we collect such personal information that is subject to the CCPA. The categories of personal information we collect from our business customers in our role as a business can be found here.

California Sensitive Information Disclosure: Some of our companies, such as TELUS Digital, collect sensitive information. For example, in certain situations where a serious public health threat has been identified, we may collect information from employees, guests, and other individuals accessing our facilities. This may include medical and health information, such as body temperature, symptoms, and underlying health conditions. Note that we do not use such information for any purposes that are not identified within the California Privacy Rights Act Section 1798.121. We do not “sell” or “share” sensitive personal information for cross-context behavioral advertising.

Sale and Sharing of Personal Information. Although we do not monetize your personal information (e.g., we do not sell customer lists to other entities for money), we do disclose the following categories of personal information: identifiers, profiles and inferences, and internet or other electric network activity information to ad networks, analytics providers, and social networks for purposes of marketing and advertising; analytics, measurement and improvement; and customization and personalization, which could be deemed to be a sale or sharing under CCPA (e.g., we may permit such providers to place a cookie, tag, or other tracking tool on our website to assist us with our advertising, and these providers also may use your personal information to assist other companies with their online advertising, analytics and personalization as well). We do not sell or share any personal information about individuals who we know are under sixteen (16) years old.

Third Party Applications/Websites. We have no control over the privacy practices of websites or applications that we do not own. This includes websites or applications that we developed for third parties.

Contact details of TELUS Digital

You may contact TELUS Digital at:

[email protected]

Level 3, Point Village, East Wall Road, Dublin 1, Ireland

Processing Purposes, Categories of Personal Information, Legal Bases (incl. Legitimate Interests) and Recipients

The tables below include additional information about the purposes of processing personal information, the categories of personal information processed to pursue the respective purpose, the legal bases relied upon (as well as the legitimate interests pursued, if applicable) and the categories of recipients to whom personal information is disclosed in connection with the respective purposes.

Business Contact Information

Website Visitor Information

How do we Protect Business Contact and Website Visitor Information that is Disclosed Internationally?

For this, we either rely on an adequacy decision of the European Commission or have appropriate safeguards in place, and such transfers are in particular made on the condition that enforceable rights and remedies are available for individuals to which the personal information being transferred relates.

The appropriate transfer mechanisms that TELUS Digital has in place include the standard contractual clauses that have been approved by the European Commission. For more information on how we conduct data transfers, see the Cross Border Transfers section below.You are entitled, upon request to [email protected], to receive a copy of the appropriate safeguards.

Obligation to provide personal information

There is no legal or contractual requirement (towards TELUS Digital) for Business Contacts and Website Visitors to provide their personal information to us. However, in some scenarios, TELUS Digital will not be able to perform certain services if the required personal information is not available to us: we will not be able to offer the use of a contact form if you do not provide the information marked as mandatory (e.g., business email).

Sources of personal information

As described above, we collect personal information through the website from the following sources: directly from you; ad networks; data analytics providers; social networks; internet service providers; operating systems and platforms; Group Companies; partners; and government entities.

We typically collect business contact information directly from business contacts and their employers. We may obtain your business contact information from your employer, from LinkedIn or other publicly available sources, from trade shows, and from the respective business customer (the legal entity which is represented by the business contact).

TELUS Digital complies with the EU-U.S. Data Privacy Program Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. Data Privacy Program Framework, and the Swiss-U.S. Data Privacy program Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. TELUS Digital has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Program Principles (EU-U.S. DPF Principles) and the U.K Extension to the EU-U.S. Data Privacy Program Principles (EU-U.S. DPF) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and U.K. extension to the EU-U.S. DPF. TELUS Digital has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework program Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and U.K. extension to the EU-U.S. DPF and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/. You can find a full list of those TELUS Digital entities that participate in the Data Privacy Framework by clicking here.

TELUS Digital is responsible for the processing of personal information it receives or subsequently transfers to a third party acting as an agent on its behalf. TELUS Digital complies with the Data Privacy Framework Principles for all onward transfers of personal information from the EEA, the United Kingdom, and Switzerland, including the onward transfer liability provisions in the Data Privacy Framework Principles. In addition to the rights listed in section, “Choices of Business Contacts and Website Visitors,” where we transfer your personal information in reliance on the DPF, you have a right to object to some uses and disclosures of your personal information to third party controllers. To exercise this right, you can contact us at [email protected].

With respect to personal information received or transferred pursuant to the Data Privacy Framework Principles, TELUS Digital is subject to the investigation and enforcement powers of the Federal Trade Commission. In certain situations, TELUS Digital may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

In compliance with the EU-US Data Privacy Framework Principles and U.K. extension to the EU-U.S. DPF and/or the Swiss-U.S. DPF Principles, TELUS Digital commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the DPF Principles. European Union, United Kingdom and Swiss individuals with DPF inquiries or complaints should first contact [email protected]

TELUS Digital has further committed to refer unresolved privacy complaints under the DPF Principles to an independent dispute resolution mechanism, Data Privacy Framework Services, operated by JAMS as alternative dispute resolution provider in the United States. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.jamsadr.com/DPF-Dispute-Resolution for more information and to file a complaint. This service is provided free of charge to you.

In compliance with the EU-U.S. DPF and U.K. extension to the EU-U.S. DPF and the Swiss-U.S. DPF, TELUS Digital has committed to cooperate and comply respectively with the advice of the panel established by the EU Data Protection Authorities (DPAs), UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection (FDPIC) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and U.K. extension to the EU-U.S. DPF and the Swiss-U.S. DPF in the context of the employment relationship.

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2