Global Data Retention Policy

Classification: Confidential

[Type here]
DOCUMENT CONTROL

Title: Prepared By: Date Prepared:

Global Data Retention Global Privacy Office 14 February 2020
Policy
Document Type: Reviewed By: Date Reviewed:
Policy Mark Jaffe 15 June 2020
Version: Approved By: Date Approved:
1.0 Leigh Ryan 15 June 2020
Alan Winters

Next Review: Owned By: Effective Date:

Annually Global Privacy Office & 15 June 2020
Compliance

Version Date Amended By Comments/Changes

1.0 14 February 2020 Mark Jaffe Initial development.

2.0 1 February 2021 Nathan Coffey Name change, adding definitions, adding Client
Records and retiring Client Data Retention Policy,
adding requirement to apply Record Classification
Codes. Adding schedules.

CONFIDENTIAL TELEPERFORMANCE INFORMATION 2

Table of Contents
Purpose 4
Scope 4
Definitions 4
Policy Statement 6
Accountability 6
Requirements 7
Ownership of Records and Information 7
Global Records Retention Schedule 7
Retention and Disposition 8
Protection and Access 8
Client Records 8
Training 9
Compliance 9
Exception Process 9
Schedule 1 - Global Records Retention Schedule 9
Schedule 2 – Teleperformance Legal Hold Procedure 10
Schedule 3 – Exceptions Form 11
Schedule 4 – Hard Copy Procedure (to be added) 13
Schedule 5 – Soft Copy Procedure (to be added) 13
Schedule 6 – Record Retention Compliance & Oversight (to be added) 13

CONFIDENTIAL TELEPERFORMANCE INFORMATION 3

Purpose

It is the policy of Teleperformance to use and maintain Records and other Information in accordance with
applicable law, regulations, and operating requirements. This Policy has been established to ensure that
Teleperformance retains Records and Information to meet appropriate legal obligations and operational
needs, and routinely disposes of unnecessary Records and Information in the normal course of business
under the approved Global Record Retention Schedule.

Scope

This Policy applies to Teleperformance and all full or part-time Teleperformance employees. This Policy
applies when processing Teleperformance Records & Information and Client Records.

Definitions

“Applications” – Systems that process or store Records and Information.

“Client” - A company that has contracted with a TP Company for the provision of services to such
company.
“Client Records” - Records received from a Client, the Client’s customers, or generated by
Teleperformance on behalf of the Client including any (a) confidential information as may be defined in
the Client contract or statement of work, and (b) personal data relating to identified or identifiable
individuals that a TP Company may process pursuant to the Client contract or statement of work.
“Department and Functional Leads” – The individuals responsible for managing and overseeing
compliance, and certifying compliance by their respective department, operating subsidiary, or group of
operating subsidiaries, with this Policy.
“Exceptions” – Exceptions to this Policy approved in writing by the Policy Owner.
“Global Data Retention Program” – The program to ensure that Teleperformance handles its Records,
Information and Client Records in a lawful and compliant manner in accordance with this Policy.
“Global Records Retention Schedule” – The approved Global Records Retention Schedule attached to
this Policy, which defines how long Records must be retained, as it may be amended from time to time.
“Global Software Registry” - The central library of Applications and their key elements as maintained by
Teleperformance’s Information Technology department at https://registry.gototp.com.

CONFIDENTIAL TELEPERFORMANCE INFORMATION 4

“Hard Copy” – A physical, tangible, format of Information which is suitable for direct use without
requiring additional digital/automated processing (e.g., printed document, printed photo)
“Information” – Information that has been evaluated, processed, organized, structured, and/or
presented by Teleperformance in a manner that makes it meaningful, useful, and intelligible for the
intended user, registered in either temporary or permanent form.
“Legal Hold Notice” – An instruction from the Legal Department to retain Records and Non-Records in
accordance with their instructions.
“Non-Record” – Information belonging to Teleperformance, whether Hard Copy or Soft Copy, that has
no statutory, legal, fiscal, administrative, operational, or archival value. Non-Records do not have any
retention requirement; they may be disposed of at any time. Examples of Non-Records include routine
emails to schedule or confirm meetings or events, announcements, and notices of a general nature.
“Official Record” – The primary copy of a Record belonging to Teleperformance. The Official Record
must be retained according to the Global Records Retention Schedule and disposed of securely at the
end of the defined retention period.
“Policy” - This Global Data Retention Policy.
“Policy Owner” - The Senior Vice President for Privacy & Compliance.
“Records” - Information, whether Hard Copy or Soft Copy, created, received, and maintained as
evidence by Teleperformance, in pursuance of legal obligations, statutory or regulatory compliance or in
the transaction of business. Records include originals, duplicates, backups, and archive copies. Records
include Teleperformance Records and Client Records.
“Record Retention Codes” – The record retention codes as defined in the Global Records Retention
Schedule.
“Soft Copy” – Any non-physical, intangible, and digital/electronic format of Information that relies on a
device, gadget, or software in order to be useable (e.g., unprinted MS Excel sheet, MS Word file in email,
PDF File in C-drive, etc.). Soft Copy format can either be Structured or Unstructured. For example,
digital records management systems, business and information systems (e.g., case management,
finance, and geographical information systems) and the contents of websites.
“Structured Soft Copy” – A Soft Copy format which is typically created and stored according to a pre-
defined data model and fits into relational tables or can be stored in rows and columns (e.g., CCMS,
iCIMS, electronic receipts, etc.). Information stored in Structured Systems often serves as the official
evidence of the business process that the system facilitates.
“Structured Systems” – Applications that create or store Structured Soft Copies.
“Teleperformance” – Teleperformance SE, its subsidiaries and its affiliates.
“Teleperformance Records” – Official Records and Transitory Records.
“Teleperformance Records & Information” – Official Records, Transitory Records and Non-Records.
“Third-Parties” – The contractors, service providers, consultants, or any other individual and/or
organization external to Teleperformance providing services on behalf of, for, or as an agent of
Teleperformance.
“TP Company” – any subsidiary or affiliate of Teleperformance SE.
“Transitory Records” - Records belonging to Teleperformance that have a temporary utility and are not
required for statutory, legal, fiscal, administrative, operational, or archival purposes. Transitory Records
may not be held for longer than applicable record retention period under the Global Record Retention
Schedule, and may be securely disposed of at any earlier point if there is no operational need to retain

CONFIDENTIAL TELEPERFORMANCE INFORMATION 5

them. Examples of Transitory Records include working documents; convenience copies retained for
reference (e.g., digital copies of the Official Record in paper form and filed as the Official Record); “cc,”
“bcc,” or FYI copies; and archive and backup copies of Records.
“Unstructured Soft Copy” – A Soft Copy format created or stored without a pre-defined data model
(e.g., local storages and C-drives, Sharepoint, Word files, Powerpoint Presentations, chat, email, etc.).
“Unstructured Systems” – Applications that create or store Unstructured Soft Copies.

Policy Statement

Records management is crucial to enable Teleperformance’s business to run in an efficient and organized
manner by ensuring that Teleperformance has ready access to accurate information to support its
decision-making process. By adopting this Policy, Teleperformance endeavors to keep all
Teleperformance Records & Information and Client Records secure, complete, current, accurate,
organized, and accessible for situations when the Records are needed by Teleperformance to:
• Make informed business decisions;
• Respond quickly and effectively to Clients, regulators, and Third-Parties;
• Adhere to its contractual obligations to its Clients in handling Client Records;
• Ensure continuity and consistency in its management and administration;
• Document and keep track of any changes to its policies and procedures;
• Protect its rights and those of its employees;
• Serve as evidence and an audit trail for its business transactions;
• Demonstrate its compliance with applicable laws and regulations;
• Defend its actions and business decisions during litigation, audits, and government investigations.

Accountability

Teleperformance has an obligation to ensure that Teleperformance Records & Information and Client
Records are handled appropriately. Different persons in Teleperformance carry-out specific
responsibilities in relation to Records management as detailed below:

The Policy Owner is responsible for formulating this Policy and developing and overseeing the overall
Global Data Retention Program including this Policy, the Global Records Retention Schedule, Program
procedures, standards and training, and approval of Policy Exceptions.

Each global and/or regional department and each operating subsidiary and/or group of operating
subsidiaries shall appoint Department and Functional Leads to oversee the implementation and overall

CONFIDENTIAL TELEPERFORMANCE INFORMATION 6

management of Teleperformance's Global Data Retention Program under the oversight of the Policy
Owner.

The Legal Department shall be responsible for instituting the suspension of records destruction process
through Legal Hold Notices per the Teleperformance Legal Hold Procedure (attached as Schedule 2).

Department and Functional Leads shall assist in implementation and be responsible for managing and
overseeing compliance, and certifying compliance by their respective department, operating subsidiary,
or group of operating subsidiaries with this Policy.

All Teleperformance employees shall comply with this Policy.

All Third-Parties handling Records and Information on Teleperformance’s behalf should be instructed on
how to comply with the provisions of this Policy. The Teleperformance employee responsible for the
Third-Party relationship must ensure the Third Party is instructed on how to comply with this Policy and
acknowledges that it will comply.

Requirements

Ownership of Records and Information

• All Teleperformance Records & Information are Teleperformance’s property and do not belong
to individual employees or Third Parties.
• Employees who maintain Teleperformance Records & Information in their custody must return
the Records & Information to Teleperformance upon request and, in any event, when leaving
Teleperformance.
• Third Parties must also return Teleperformance Records & Information to Teleperformance
upon request and, in any event, upon termination of service.
• Client Records belong to the Client.

Global Records Retention Schedule

• The Global Records Retention Schedule, as amended from time to time in accordance with this
Policy, is the Teleperformance standard for retention and disposition of all Teleperformance
Records & Information and Client Records.
• New or enhanced business functions will be evaluated to ensure the Records and Information
associated with those functions are included in the Global Records Retention Schedule.
• Individuals subject to this Policy will notify the Policy Owner of additional record types that need
to be evaluated for inclusion in the Global Records Retention Schedule.
• All Exceptions to the Global Records Retention Schedule must be approved and documented by
the Policy Owner.

CONFIDENTIAL TELEPERFORMANCE INFORMATION 7

Retention and Disposition
• Records and Information will be retained and disposed of in a systematic manner, in accordance
with Teleperformance’s security policies and industry standards.
• All Records must be stored in a manner that identifies the applicable Record Retention Code.
• Unless destruction is suspended in accordance with a Legal Hold Notice, instruction of the Policy
Owner, or an approved Exception:
o Official Records must be held for the retention time as defined by the applicable Record
Retention Code, and then securely disposed of.
o Transitory Records must not be retained beyond the end of the retention period as
defined by the applicable Record Retention Code and may be securely disposed of at
any earlier point if there is no operational need to retain them.
• In the event of anticipated or active litigation, legal action, audit, or investigation,
Teleperformance will comply with its Legal Hold Procedure, as described on Schedule 2 to this
Policy, as such Legal Hold Procedure may be amended from time to time.
• Once an Official Record has been finalized, drafts, duplicates and working copies should not be
retained, unless required by a departmental process or by a Legal Hold Notice.
• All Soft Copy Records, whether Teleperformance Records or Client Records, must be stored in
Applications that have been registered in the Global Software Registry.

Protection and Access

• All Records and Information will be maintained in an organized manner to ensure that they can
be located and used when needed.
• Reasonable precautions will be taken to ensure that Records and Information remain readable,
retrievable, and accessible throughout their required retention time period.
• Records and Information are to be protected by the appropriate electronic and physical
safeguards to ensure that access is restricted only to authorized users.
• Records vital to Teleperformance’s business and operations are to be accorded enhanced
protection and Records with historical value are to be properly preserved.
• All Records of a sensitive nature, or records defined as personal information, are to be handled
and disposed of in a manner commensurate with their level of confidentiality, and in compliance
with the requirements of the Teleperformance Information Security & Privacy Standards and the
Teleperformance Group Data Privacy Policy.

Client Records
• All Applications and locations holding Client Records must be identified by the Record Retention
Code – CLS100.
• Unless otherwise instructed by the Legal Department, when a TP Company stores Client
Records, it shall comply with the Client’s instructions provided in the contract signed with such
Client, or as otherwise instructed in writing by the Client.
• Unless otherwise set forth in the Client contract, statement of work, written instruction from
the Client, or an Exception, all Client Records shall be destroyed/erased and/or returned to the

CONFIDENTIAL TELEPERFORMANCE INFORMATION 8

 Client no later than ninety (90) days after termination of the applicable Client contract or
statement of work.
• When laws, regulations or a Legal Hold Notice require storage by Teleperformance of the Client
Records beyond the expiry of the applicable Client contract or statement of work, the TP
Company that is a party to the applicable Client contract or statement of work shall inform the
Client and hold securely and not actively process those Client Records.

Training
• Employees handling Records and Information will receive Records and Information management
training as appropriate to their job duties.

Compliance
This Policy will be monitored for compliance on a regular basis. Failure to comply with this Policy may
result in severe consequences for Teleperformance, including monetary fines and penalties. It could
also result in disciplinary action, up to and including termination, for those who do not comply. Any
individual subject to this Policy who becomes aware of a violation of this Policy shall promptly report the
violation to the Policy Owner.

Exception Process

If local laws, budget, or client requirements prevent a TP Company or a regional or global department
from complying with this Policy, the CEO for the applicable TP Company or the senior-most person in the
regional or global department, as applicable, must submit an Exception Request Form to the Policy Owner
in accordance with Schedule 3. All Exceptions approved by the Policy Owner must be documented in
writing, maintained on file, and made available to auditors or regulatory authorities for inspection, if
required.

Schedule 1 - Global Records Retention Schedule

Teleperformance
RRS Employee Version 1.0 Final 20200615.rtf

CONFIDENTIAL TELEPERFORMANCE INFORMATION 9

Schedule 2 – Teleperformance Legal Hold Procedure

When the Legal Department is informed about any pending or reasonably anticipated litigation
or investigation, the Legal Department will instruct the representatives of the relevant business
departments to preserve and maintain certain Records and Information potentially relevant to
the litigation or investigation. The Legal Department, through its Regional Chief Legal Officers or
their designees, will provide specific instructions when such a situation arises by way of a Legal
Hold Notice.

CONFIDENTIAL TELEPERFORMANCE INFORMATION 10

 Schedule 3 – Exceptions Form
Exception Request Form

This Form should be completed when there is a compelling business reason to depart from the
requirements of the Global Data Retention Policy or normal retention policy of returning or
destroying Client Records within 90 days of termination of the applicable Client contract or
statement of work.

Compeleted forms should be submitted to the SVP Privacy & Compliance:

[email protected].

Date: Original Requester:

Subsidiary Name: Sites & Client/Program affected:

Exception Duration: Exception Expiration:

Exception Request

Reason for Request:

Perceived Risk:

Reference to the local law:

Provide details on how the exception is permitted under the Client contract (where applicable):

CONFIDENTIAL TELEPERFORMANCE INFORMATION 11

Name of the local internal TP lawyer or, if applicable, external legal counsel:

Legal Review Date:

Risk Mitigation (include specifics on where and how long data will be stored and how protected):

Regional CEO Review

Regional CEO name:

Review Date:

Conditions of Approval:

Policy Owner Approval

Name:
Date:

CONFIDENTIAL TELEPERFORMANCE INFORMATION 12

Schedule 4 – Hard Copy Procedure (to be added)

Schedule 5 – Soft Copy Procedure (to be added)

Schedule 6 – Record Retention Compliance & Oversight

(to be added)

CONFIDENTIAL TELEPERFORMANCE INFORMATION 13

/company/teleperformance