Customer Safe Harbor Policy TPUSA, Inc., Safe Harbor Policy TPUSA, Inc. (“TPUSA”), recognizes and respects the importance of protecting individuals’ personally identifying information (“Personal Information”). 1. Scope. This Privacy Policy (“Policy”) applies to all Personal Information that TPUSA collects or receives from or through the performance of services for its clients outside the United States and transfers into the United States, whether manually or digitally processed. The Policy governs TPUSA and each of its subsidiaries. 2. Our Services. TPUSA provides contact center management services (“Services”) for clients located around the globe. The clients retain TPUSA to transmit messages and to provide information to their customers and others (“Recipients”). In other cases, TPUSA may collect Personal Information from Recipients when Recipients are asked to provide or to verify Personal Information in order to obtain goods or services. In all cases, we simply act as agent for our clients and at their direction. We rely on our clients to comply with all applicable personal-data privacy laws in compiling and providing us with the Recipient information. 3. Other Information Collection. We also may collect Personal Information when clients or Recipients contact us with a question or concern about this Policy or about our Services. If Personal Information is provided to TPUSA in this context, we will use it only to respond to a specific inquiry or otherwise as required by law. 4. Transfer of Personal Information. As noted above, we utilize the Personal Information of Recipients only as directed by our clients in the performance of the Services. We do not disclose Personal Information of Recipients to third parties except to our clients or to authorized service providers – which may be affiliated or nonaffiliated companies – who assist us in performing the Services, unless otherwise required by law. Because we simply process the information provided to us, our clients remain responsible for that Personal Information with respect to the individuals concerned. 5. Access to Personal Information. Individuals seeking access to Personal Information that we receive from our clients should contact the client directly. All of TPUSA’s messages should prominently display the name of the client on whose behalf the message was sent. We also would be happy to provide any interested Recipient the applicable client’s name and contact information. Individuals seeking access to Personal Information about themselves that we have collected must contact our Privacy Compliance Officer as directed below. We will make reasonable efforts to provide the requested information promptly if it is still available to us, although we reserve the right to charge the requester for the cost (in time and expenses) of retrieval. 6. Security. We utilize reasonable and appropriate protections to ensure that Personal Information in our care is not misused or accessed without authorization. Personal Information is stored on our own servers, with access restricted to those clients to which the Personal Information in question relates and to employees or contractors who have a need for such access to perform a legitimate business purpose relating either to the Services or to maintenance, internal security or related issues. Moreover, we generate audit logs that record all access and use of Recipients’ Personal Information stored in our databases. Any contractor whom we retain to provide services for us and who will have access to Personal Information must agree in writing to abide by the terms of this Policy. 7. Data Integrity. We only use Personal Information that is necessary to perform the Services requested. Occasionally, a client provides us with more Personal Information than is necessary (for example, providing us with a name, street address and e-mail address, when only the name and e-mail address are necessary). In those cases, we employ automated programs (or manual procedures in the case of difficulty) that identify and utilize only those data that are needed. The rest remain secure and unused until destroyed or returned to the client. We also only store Personal Information when specifically requested to do so by a client or as part of our ordinary back-up, archiving process. Archived files are secured consistent with paragraph 6 above and are destroyed on a regular cycle. 8. European Union and SwitzerlandSafe Harbor Compliance. To the extent that it impacts Personal Information transferred from a European Economic Area ("E.E.A.") nation to the United States, or Switzerland to the United States, and as more fully detailed above, this Policy complies with all applicable principles of the U.S.-E.U. Safe Harbor and with all applicable principles of the U.S.-Switzerland Safe Harbor. TPUSA has certified its participation in both Safe Harbor frameworks with the United States Department of Commerce. 9. Enforcement. Concerns regarding our adherence to this Policy should be raised first with our Corporate Privacy Officer as directed below in paragraph 13. TPUSA’s compliance with this Policy is subject to the ultimate authority of the United States Federal Trade Commission, to which complaints that are not adequately resolved through the above avenue also may be directed. 10. Acquisition, Merger or Bankruptcy. In the event TPUSA or any of its affiliates or subsidiaries is acquired by another entity or merges with a third party, the successor entity will be bound to respect the provisions of this Policy with regard to any Personal Information in TPUSA’s (or its affiliates’ or subsidiaries’) possession prior to the acquisition or merger. In the event of bankruptcy, the provisions of applicable law will apply. 11. Corporate Privacy Officer. To contact our Corporate Privacy Officer when indicated by this Policy or to address questions regarding TPUSA’s privacy practices, please e-mail: Privacyofficer@teleperformance.com Letters may be sent to: Teleperformance 1991 South 4650 West Salt Lake City, UT, 84104 Version 1.0; Last Revised 14/04/09 LEGAL_US_W # 61011422.3 |