I. INTRODUCTION

This Addendum modifies and supplements the Teleperformance (“TP”) Group Data Privacy Policy and sets out our commitment to collect and process personal information in compliance with Republic Act No. 10173, also known as the Data Privacy Act of 2012 (the “DPA”), its implementing rules and regulations (the “IRR”) and relevant regulations and issuances of the National Privacy Commission (“NPC”). We provide appropriate safeguards to protect your personal information to ensure that it will be kept strictly confidential.

This policy also summarizes TP personal information controller processing activities related to the information that we collect and/or generate from our website visitors, guests and visitors to our facilities, clients and supplier employees and representatives, employees, people seeking employment with us, and other individuals. Further details relating to the Company’s processing activities are explained in our privacy notices.

II. DEFINITIONS

For purposes of the Philippines, the global terms and definitions shall mean the following:

1. “Company”, “We”, or “Us” refers to TELEPHILIPPINES INCORPORATED, TPPHFHCS, INC., TPPH-CRM, INC., TELEPERFORMANCE GLOBAL SERVICES PHILIPPINES INC., and E-KONFLUX SOLUTIONS INC.
2. “Consent” of the data subject refers to any freely given, specific, informed indication of will, whereby the data subject or his or her authorized agent agrees to the collection and processing of personal information. Consent may be evidenced by written, electronic or recorded means.
3. “DPA” refers to the Data Privacy Act of 2012 and its implementing rules and regulations.
4. “Data Controller” and/or “Personal Information Controller” (“PIC”)” means a person or organization who controls the collection, holding, processing or use of personal information, including a person or organization who instructs another person or organization to collect, hold, process, use, transfer or disclose personal information on his or her behalf. The term excludes a Personal Information Processor.
5. “Data Processor” and/or “Personal Information Processor” (“PIP”)” means a person or organization to whom a Personal Information Controller may outsource the processing of personal data pertaining to a data subject.
6. “NPC” refers to the National Privacy Commission of the Philippines.
7. “Personal Information” and/or “Personal Data” refers to any information whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual.
8. “Sensitive Personal Information” means personal information:
9. About an individual’s race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations;
10. About an individual’s health, education, genetic or sexual life of a person, or to any proceeding for any offense committed or alleged to have been committed by such person, the disposal of such proceedings, or the sentence of any court in such proceedings;
11. Issued by government agencies peculiar to an individual which includes, but not limited to, social security numbers, previous or current health records, licenses or its denials, suspension or revocation, and tax returns; and
12. Specifically established by an executive order or an act of Congress to be kept classified.

III. DATA PRIVACY PRINCIPLES

In the processing of personal information, we adhere to the general data privacy principles of transparency, legitimate purpose, and proportionality.

1. Transparency. The data subject will be made aware of the nature, purpose, and extent of the processing of his or her personal information, including the risks and safeguards involved, the identity of personal information controller, his or her rights as a data subject, and how these can be exercised. Any information and communication relating to the processing of personal information will be easy to access and understand, using clear and plain language.
2. Legitimate purpose. The processing of information will be compatible with a declared and specified purpose which will not be contrary to law.
3. Proportionality. The processing of personal information will be adequate, relevant, suitable, necessary, and not excessive in relation to a declared and specified purpose. Personal information will be processed only if the purpose of the processing could not reasonably be fulfilled by other means.

IV. PURPOSE OF PROCESSING

We use your information for a number of purposes including, but not limited to the following:

1. Website Visitors. To personalize our services and to ensure that you receive the best experience possible when accessing and using our website.
2. Guest and Visitors. To respond to your inquiries and requests when you visit us in any of our sites and to protect the health and safety of our employees, visitors and guests.
3. Representatives of Clients and Vendors. For client and vendor relationship management we may process your personal data for the following, and any other similar purposes: developing new business relationships, sales, marketing, negotiating contracts, market research, managing existing business relationships, invoicing, client and vendor services, service delivery, handling enquiries, and to meet legal and regulatory obligations.
4. Employees and former employees. To ensure that we can meet all the requirements of the employment contract you signed with us. We will also need to use your information for compliance with our policies, laws and regulations, to respond to requests from supervisory authorities, to handle legal claims, and to carry out our lawful business activities.
5. People applying for employment. We use your information in order to process your job application and undertake activities necessary for you to enter into an employment contract with us, including recruitment administration, qualification evaluation and testing, and background and/or reference checks.
6. Any other party, for ensuring any other business operations, which may cover any type of processing and include supplier and vendor management, compliance, reporting, due diligence, buildings and facilities management, IT, customer surveys, health, safety and security, and to meet legal and regulatory obligations.

We only use your personal information for the purpose for which we collected it and we will notify and explain to you the legal basis if we need to use your personal information for an unrelated purpose(s). If there is an incident which requires us to notify you, we will.

We will process your personal information in compliance with the above rules or when otherwise permitted and/or allowed by law.

V. DATA PROCESSING ACTIVITIES

1. Information that you provide, or we collect when you visit our website. Please see our cookie policy at the bottom of the page at www.teleperformance.com
   We may also collect information from you to answer your queries, provide you with requested information, and/or to assist you.
2. Information that you provide, or we collect from our guest and visitors. We collect basic information about you by asking you to sign our Visitor’s Log Sheet and to provide information such as the date, name, company, purpose, person to visit, time in, time out, signature and remarks along with the building ID for identification purposes. Video footage is also being recorded via a CCTV system installed in all TP floors entry and exit points. A more detailed notice related to visitors is displayed at our building information and access locations and at (accessible here);
3. Information we collect from representatives of clients, suppliers and other third parties including, but not limited to, basic personal details such as clients/suppliers name, address and contact information, clients/suppliers representatives full name, email address, mobile or phone number, financial details (e.g., bank account information or details about payments to and from you); other information with regard to how We conduct business activities with you, photographic, video and location information (e.g., CCTV images) when you visit our site locations.
4. Information you provide or we collect when you apply for a certain job or position within the company. Please see Privacy Notice for Applicants (accessible here);
5. Information we collect or generate upon issuance of a job offer and your acceptance of the same and information that we collect or generate during the course of your employment with the company. Please see Employees Privacy Notice (accessible here)

If you provide us with personal information of others, we will presume that it has been appropriately obtained and shared with us in compliance with Philippine law.

VI. LEGAL GROUNDS FOR PROCESSING

We process your personal information on the ground of necessity for the performance of the service contract you or your company has entered into with TP with respect to the processing activities such as payment of services rendered.

We process your personal information on the ground of legal obligation/necessity for compliance with laws in relation to processing activities such as but not limited to tax calculations, facilitating payments and government remittances.

We process your personal information on the ground of legitimate interests with respect to processing activities such as but not limited to computer and physical monitoring including CCTV, security (including log-ins of guests and visitors), health (including health data for the assessment of working capacity), safety, and wellness requirements. The legitimate interests pursued include management of employee, security, health, safety and business efficiency.

We process your personal information on the ground of legitimate interests in personalizing our services and in ensuring that website visitors receive the best experience possible when accessing and using our website. We adhere to our cookie policy in the processing of the information.

The personal information collected are generally stored on each department’s data systems processing the same while some are stored at TPs servers, computers, departments’ file cabinets and affiliates or subsidiary locations where only authorized employees have access to them.

We understand that the DPA and its IRR imposes stricter rules for the processing of sensitive personal information, and we are fully committed to complying with those rules. Except with regard to employees, former employees and individuals applying for employment, We do not generally collect and process sensitive personal information. For employees, former employees and individuals applying for employment, when legally required we collect and process sensitive personal information based upon your consent.

If We require your consent for a specific use of your personal information, We will collect it at the appropriate time.

Please note further that We will not subject your personal information to any automated decision-making process without your prior consent.

VII. RECIPIENTS OF YOUR PERSONAL INFORMATION and CLIENT PERSONAL INFORMATION

We may also share, disclose, or transfer your personal data within or outside the Philippines with other TP affiliates and government agencies such as the Bureau of Internal Revenue (BIR) for tax remittance purposes to comply with laws and regulations when necessary and under circumstances as permitted or required by law.

We enter into appropriate agreements to protect your personal data with third party controllers and/or processors in the processing of your personal data, including a requirement to notify us promptly of a security incident and/or data breach. For Clients, We obtain authorization to use sub-processor or third parties. Clients are informed of security incidents and/or data breaches and any sub-processor or third party must promptly notify us of security incidents and/or data breaches in order for us to inform our Clients.

VIII. RETENTION OF YOUR PERSONAL DATA

We will retain your personal information for as long as is necessary for the purpose(s) described in this policy, as set out in a more specific notice and/or consent, or where a retention period is provided by law and/or a company policy. All personal information will be properly disposed of after said period. Rest assured that our use of your personal information shall be limited to that which is necessary to achieve its purpose, and/or only when permitted and/or allowed by law.

IX. RIGHTS OF THE DATA SUBJECT

As a data subject, you have rights relating to your personal data, such as the right:

• To be Informed about any processing of your personal data.
• To Access any and all data that we may have on you. However, we may charge you for the reproduction costs.
• To Object to the processing of your personal data, in general or for a particular purpose. In addition, if we use your personal data for a different purpose than what was originally communicated and collected, we will provide you with notice or ask for your consent to process the data for this new purpose, and you have the right to object to the same.
• To Erasure or Blocking if you no longer want us to process your data, withdraw your data from our system, or you want all your personal data in our possession destroyed except as otherwise allowed under the DPA.
• To Rectify if any personal data we have on you is inaccurate or wrong, you have the right to have it corrected immediately, unless your request is vexatious or otherwise unreasonable.
• To Data Portability which allows you to obtain and electronically move, copy, or transfer your personal data in a secure manner for further use. Note, that we may charge you for the reproduction costs if you choose to exercise this right.
• To Damages if you suffered damages due to inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of personal data, or other violation of your rights and freedoms as data subject.
• To File a Complaint if you feel that your personal information has been misused, maliciously disclosed, or improperly handled, or that any of your data privacy rights have been violated, you may file a complaint with the National Privacy Commission through their website: https://privacy.gov.ph

Should you wish to exercise these rights, you may submit a request at https://www.teleperformance.com/en-us/footer/data-privacy-policy/ 

If you have any questions, complaints and/or clarifications, you may contact the Data Protection Officer via email at:

<

X.CHANGING THIS POLICY

We reserve our right to make changes to the Policy from time to time. On such occasions, we will let you know through our website and, when permissible, other appropriate means of communication. Any changes made are effective immediately upon posting on the website or intranet.