Free Word download • Edit online • Save & share with Drive • Export to PDF
A Call Center and Telemarketing Agreement is a legally binding contract between a client company and a third-party call center or telemarketing firm that governs every material aspect of a phone-based outreach or customer support engagement. It defines which services will be performed and using which approved scripts, sets measurable performance standards and KPIs, allocates regulatory compliance responsibilities under laws such as the TCPA, CASL, and GDPR, establishes data protection obligations for customer information exchanged between the parties, and specifies fees, invoicing terms, and termination rights. Unlike a general service agreement, this document includes telemarketing-specific provisions that address the joint regulatory liability both the client and the call center face whenever consumer data is used for commercial calling campaigns.
Without a signed call center and telemarketing agreement in place before a single call is dialed, both you and your vendor face undefined exposure on multiple fronts simultaneously. The FTC and FCC treat clients and call centers as jointly liable for TCPA violations — meaning your vendor's failure to scrub a DNC list can generate per-call fines of up to $1,500 that courts will hold you responsible for alongside them. Customer data transferred to the call center with no contractual data protection terms leaves you in breach of GDPR, CCPA, or Canada's Law 25 if that data is misused or breached. Vague scope language and undefined KPIs create disputes over what was promised and what was delivered, while the absence of a liability cap can expose either party to damages that dwarf the contract value. This template closes those gaps by clearly allocating compliance duties, protecting customer data, defining what a qualified lead actually means, and capping liability — so both sides can focus on campaign performance rather than litigation.
| If your situation is… | Use this template |
|---|---|
| Outsourcing outbound sales calls to generate new leads | Call Center and Telemarketing Agreement (Outbound) |
| Engaging a vendor for inbound customer service and helpdesk calls | Customer Service Outsourcing Agreement |
| Short-term campaign-based telemarketing without ongoing service | Telemarketing Services Agreement (Fixed Term) |
| Hiring an independent telemarketer rather than a firm | Independent Contractor Agreement |
| Sharing customer data with a call center under GDPR or CCPA | Data Processing Agreement |
| Engaging a call center that also handles chat and email support | Business Process Outsourcing (BPO) Agreement |
| Formalizing a referral or lead-passing arrangement with a partner | Lead Generation Agreement |
Why it matters: The FTC and FCC treat both the client and the call center as jointly liable for TCPA violations. Without a clear contractual allocation, the party with deeper pockets pays for the other's error.
Fix: Include a specific clause naming which party handles DNC scrubbing, consent verification, and required verbal disclosures — and back each obligation with a corresponding indemnity.
Why it matters: Without a written definition, the call center invoices for contacts that do not meet the client's actual sales criteria, leading to invoice disputes, withheld payments, and relationship breakdown.
Fix: Define qualified lead with at least three objective criteria — minimum call duration, specific consumer affirmation, and verified contact information — and require a reporting extract to document each qualifying event.
Why it matters: If the call center suffers a data breach and the contract is silent on timing, the client may not learn about it for weeks — well past the 72-hour GDPR reporting window, triggering regulatory fines against the client.
Fix: Require written breach notification within 72 hours of discovery and specify the minimum information the notice must contain: nature of breach, data affected, and remediation steps taken.
Why it matters: TCPA class actions regularly reach seven figures. Without a contractual cap, a single campaign error by the call center can expose the client to unlimited damages with no right of proportional recovery from the vendor.
Fix: Cap each party's aggregate liability at total fees paid in the prior 12 months and carve out only fraud, gross negligence, and willful regulatory violations from the cap.
Why it matters: Post-start execution creates a gap period during which no contractual compliance obligations, data protection terms, or indemnities were in effect — a gap that regulators and opposing counsel will exploit.
Fix: Execute the agreement at least two business days before the first call is dialed. If circumstances require a retroactive effective date, document the parties' prior consent in writing.
Why it matters: Most auto-renewal clauses require 30–60 days' advance notice to terminate. Missing the window can lock the client into a full additional term with early-termination fees running to tens of thousands of dollars.
Fix: Set a calendar alert for the termination notice deadline on the day of signing, and include a plain-language callout box in the contract header stating the notice-by date.
In plain language: Identifies the client company and the call center or telemarketing firm as legal entities, states the purpose of the arrangement, and defines key terms used throughout the agreement.
This Call Center and Telemarketing Agreement ('Agreement') is entered into as of [DATE] between [CLIENT LEGAL NAME], a [STATE/PROVINCE] [ENTITY TYPE] ('Client'), and [CALL CENTER LEGAL NAME], a [STATE/PROVINCE] [ENTITY TYPE] ('Service Provider').
Common mistake: Using trade names instead of registered legal entity names — if a dispute arises, the wrong party name can complicate enforcement or create confusion about which entity bears liability.
In plain language: Describes exactly what the call center will do — outbound dialing, inbound support, script delivery, appointment setting — and attaches any approved scripts or calling lists as exhibits.
Service Provider shall perform the following services: [OUTBOUND / INBOUND] telemarketing calls using the Approved Script attached as Exhibit A, targeting the contact list provided by Client, during the hours of [HOURS] in the [TIME ZONE] time zone.
Common mistake: Describing services too broadly (e.g., 'all telemarketing services as needed') without attaching approved scripts or defined contact lists — this creates scope disputes and compliance exposure when agents deviate from authorized messaging.
In plain language: Sets measurable benchmarks the call center must meet, such as minimum call volume per day, lead conversion rate, average handle time, and abandon rate, along with consequences for missing them.
Service Provider shall maintain a minimum contact rate of [X]% of the daily call list, a lead conversion rate of no less than [X]%, and an abandon rate not exceeding [X]%. Failure to meet any KPI for [X] consecutive weeks shall constitute a material breach.
Common mistake: Setting KPIs without defining the measurement methodology — using different calculation methods for the same metric leads to disputes over whether targets were met.
In plain language: Allocates responsibility between client and call center for compliance with telemarketing laws, including DNC list scrubbing, TCPA consent verification, calling hour restrictions, and required disclosures.
Service Provider shall scrub all calling lists against the National Do-Not-Call Registry no less than [31] days prior to each campaign. Client warrants that all contact lists provided have been obtained in compliance with applicable law, including [TCPA / CASL / PECR]. Each party shall indemnify the other for violations arising from its own acts or omissions.
Common mistake: Leaving compliance responsibility undefined between parties — when a TCPA violation occurs, both the client and the call center can be jointly liable, and without clear allocation, cost-sharing disputes become protracted and expensive.
In plain language: Requires agents to use only client-approved scripts and prohibits making any representations about the client's products or services not expressly authorized in writing.
Service Provider shall ensure all agents use only the Approved Script as provided in Exhibit A. Agents are prohibited from making any representation regarding Client's products, pricing, or terms not expressly authorized in writing by Client. Client may update the Approved Script upon [X] business days' written notice.
Common mistake: Failing to specify a script update process — when the client changes offer terms, agents operating from an outdated script may make misrepresentations that expose the client to FTC enforcement or consumer fraud liability.
In plain language: Governs how the call center may collect, use, store, and return or destroy customer data, prohibits use of the data for any purpose outside the agreed services, and imposes breach notification obligations.
Service Provider shall process Client Data solely for the purpose of performing the Services under this Agreement and shall implement industry-standard security measures. In the event of a Data Breach, Service Provider shall notify Client within [72] hours of discovery. Upon termination, Service Provider shall return or destroy all Client Data within [30] days.
Common mistake: Omitting a specific breach notification timeline — without a contractual obligation, the call center has no incentive to notify promptly, and delayed notification can expose the client to regulatory fines under GDPR or state breach-notification laws.
In plain language: States the fee structure (hourly, per-lead, per-seat, or monthly retainer), invoicing schedule, payment due date, and consequences for late payment.
Client shall pay Service Provider a fee of $[X] per [hour / qualified lead / appointment], invoiced [weekly / monthly]. Invoices are due within [Net 30] days of receipt. Overdue balances accrue interest at [1.5]% per month. Service Provider may suspend services after [10] days' notice of nonpayment.
Common mistake: Agreeing on a per-lead fee without defining what constitutes a 'qualified lead' — vague qualification criteria lead to disputes over which contacts the client must pay for.
In plain language: States the initial contract term, automatic renewal provisions, notice required to terminate, and conditions allowing immediate termination for cause or convenience.
This Agreement commences on [DATE] and continues for [X] months ('Initial Term'), renewing automatically for successive [30]-day periods unless either party provides [30] days' written notice. Either party may terminate immediately for material breach that remains uncured [15] days after written notice.
Common mistake: Including an auto-renewal clause without a notice deadline — clients miss the termination window, automatically renew for a full additional term, and face early-termination fees they did not anticipate.
In plain language: Requires each party to indemnify the other for losses caused by its own breaches or negligence, and caps the total liability of each party at a defined dollar amount or multiple of fees paid.
Each party ('Indemnifying Party') shall indemnify and hold harmless the other from any third-party claims arising from the Indemnifying Party's breach of this Agreement or violation of applicable law. In no event shall either party's aggregate liability exceed the total fees paid in the [12] months preceding the claim.
Common mistake: No liability cap at all — without one, a single TCPA class action triggered by a call center error could expose the client to unlimited damages; the cap allocates that risk contractually.
In plain language: Specifies which jurisdiction's law governs the agreement and how disputes are resolved — typically arbitration or mediation before litigation, with a chosen venue.
This Agreement shall be governed by the laws of [STATE / PROVINCE]. Any dispute shall first be submitted to non-binding mediation in [CITY]. If unresolved within [30] days, the dispute shall be settled by binding arbitration under [AAA / JAMS] rules, except that either party may seek injunctive relief in any court of competent jurisdiction.
Common mistake: Selecting a governing law jurisdiction with no connection to where either party operates — courts in some states will apply local consumer protection law regardless of the contractual choice, making the clause ineffective.
Use the full registered corporate name for both the client and the call center — not trade names or brand names. Include state or province of incorporation, principal address, and the name and title of the authorized signatory for each party.
💡 Confirm the call center's registered entity name on your state's business registry before signing — operating names and legal names frequently differ.
Specify whether services are inbound, outbound, or both. List the campaign types (lead generation, appointment setting, customer support), calling hours, time zones, and languages. Attach the approved calling script and contact list as Exhibit A and Exhibit B.
💡 Requiring written client approval for any script deviation — even minor ad-libs — is the single most effective way to prevent unauthorized representations.
Define at least three to five quantifiable performance metrics: daily call volume, contact rate, lead conversion rate, average handle time, and abandon rate. Specify how each is measured and at what frequency.
💡 Tie KPI failures to a defined remedy — a service credit, additional calling hours, or termination right — rather than leaving the consequence undefined.
Clearly state which party is responsible for DNC list scrubbing, TCPA consent record-keeping, CASL or PECR compliance (for Canadian and UK campaigns), and required verbal disclosures. Do not leave compliance ownership ambiguous.
💡 Attach a compliance exhibit listing every applicable law by jurisdiction if your campaign spans multiple countries — this protects both parties in a regulatory audit.
Specify what customer data the call center may access, how it must be secured, the breach notification window (72 hours is the GDPR standard), and the data return or destruction obligation on termination.
💡 If the call center will process EU or UK personal data, a separate Data Processing Agreement (DPA) may be required under GDPR in addition to this contract.
Enter the fee model (hourly, per-lead, per-seat, or retainer), the billing cycle, and the payment due date. If using per-lead pricing, write a precise definition of a qualified lead — minimum call duration, specific consumer responses, or verified interest criteria.
💡 Ask the call center for sample reporting that shows how they track and document lead qualification — if their system cannot produce it, the definition is unenforceable in practice.
Choose an initial term appropriate to your campaign length (typically 3–12 months), set a clear auto-renewal notice window, and specify the cure period for material breaches before termination is triggered.
💡 Add a calendar reminder for the termination notice deadline at the time of signing — auto-renewal clauses routinely trap clients into unwanted extensions.
Both authorized signatories must sign before the call center dials a single number. Retroactive signing creates gaps in the compliance and data-protection record that regulators and courts will notice.
💡 Use a timestamped e-signature platform so the executed date is documented independently of the parties' claims.
A call center and telemarketing agreement is a legally binding contract between a company that needs phone-based outreach or customer support and the third-party call center or telemarketing firm it engages to deliver those services. It defines the scope of calls, approved scripts, performance standards, regulatory compliance responsibilities, data protection obligations, fees, and termination rights. Without it, both parties face undefined liability for regulatory violations and service disputes.
Any company that outsources outbound sales calls, lead generation, appointment setting, or inbound customer support to a third-party operator needs this agreement. It is equally important to the call center itself, which needs documented performance expectations and liability limits. Regulated industries — financial services, healthcare, insurance — face particularly high enforcement risk without one.
In the US, the primary laws are the Telephone Consumer Protection Act (TCPA), the Telemarketing Sales Rule (TSR), and the National Do-Not-Call Registry. Canada requires compliance with CASL and the CRTC's Unsolicited Telecommunications Rules. The UK is governed by PECR and the ICO's TPS registry. The EU requires GDPR-compliant data processing and member-state-specific consent rules. The agreement should name each applicable law and assign compliance responsibility explicitly.
The agreement should specify which party is responsible for each TCPA obligation: the call center typically handles DNC list scrubbing and calling-hour compliance; the client typically warrants that provided contact lists contain properly obtained consent. Each party should indemnify the other for violations arising from its own acts. Without this allocation, US courts and the FCC may hold both parties jointly liable for per-call fines of $500–$1,500.
At minimum, include daily or weekly call volume targets, contact rate (percentage of numbers reaching a live person), lead conversion or appointment rate, average handle time, and call abandon rate. Each KPI should state how it is measured, the reporting frequency, and the consequence — service credit, additional hours, or termination right — for missing it. Leaving consequences undefined makes KPIs unenforceable.
Yes, if the call center processes personal data of EU or UK residents, GDPR Article 28 requires a Data Processing Agreement (DPA) between the data controller (typically the client) and the data processor (the call center). The call center and telemarketing agreement can incorporate DPA terms by reference or as an exhibit, but the substantive GDPR obligations must be documented separately and in full.
The agreement should specify who owns recordings, how long they are retained, who may access them, and which party is responsible for obtaining legally required consent before recording. In the US, 11 states require two-party (all-party) consent to record a call. In the UK and EU, GDPR consent or legitimate interest must be established. Silence on recording is a significant compliance gap.
Early termination rights depend on the contract terms. Most agreements allow immediate termination for material breach after a cure period — typically 15 to 30 days' written notice. Termination for convenience usually requires 30 to 60 days' advance notice and may trigger an early-termination fee equal to a defined number of months' fees. Review the auto-renewal and notice provisions carefully before signing.
For straightforward domestic outsourcing arrangements, a well-drafted template is a strong starting point. Engage a lawyer when the campaign spans multiple jurisdictions, when the call center will handle sensitive consumer financial or health data, when the contract value exceeds $50,000, or when the client is in a heavily regulated industry such as financial services, healthcare, or insurance. A 1–2 hour attorney review typically costs $400–$800 and is worthwhile given the TCPA and GDPR exposure involved.
An independent contractor agreement engages an individual freelancer for defined project work with no employment entitlements. A call center and telemarketing agreement governs a commercial B2B services relationship with a firm operating multiple agents, SLA obligations, compliance programs, and data-handling infrastructure. The regulatory compliance and data protection complexity of telemarketing requires the more detailed commercial contract.
A general service agreement covers the commercial terms of any professional services engagement but lacks telemarketing-specific provisions — DNC compliance allocation, TCPA indemnities, approved script controls, and call recording consent. Use a general service agreement for non-regulated services; use this template when phone-based outreach triggers consumer protection law.
A BPO agreement covers a broader operational outsourcing relationship that may include back-office processing, chat, email, and social media support alongside voice. A call center and telemarketing agreement is narrower and deeper — it includes telemarketing-specific regulatory provisions not found in a generic BPO contract. Use the BPO agreement when voice is one of many outsourced channels; use this template when telemarketing compliance is the primary concern.
An NDA protects confidential information during discussions before a contract is executed. It does not govern service delivery, performance, fees, or regulatory compliance. When engaging a call center, an NDA may be appropriate pre-contract but must be supplemented by this agreement before any calling campaign begins and before any customer data is transferred.
FINRA and CFPB oversight requires documented consent records, call recording retention of at least 3 years, and strict limits on representations agents may make about rates or terms.
HIPAA requires a Business Associate Agreement alongside this contract whenever the call center accesses protected health information; scripts must avoid unauthorized medical claims.
State insurance departments regulate telemarketing of insurance products separately from general TSR rules; approved script requirements and licensing verification are critical compliance elements.
High call volume and seasonal campaigns mean DNC scrubbing frequency and per-lead pricing definitions are the primary contractual flashpoints, especially during holiday campaign surges.
State-specific do-not-call rules apply on top of the national registry; scripts promoting investment properties must include required risk disclosures and cannot guarantee returns.
Outbound SDR campaigns using predictive dialers trigger TCPA autodialer rules; data-sharing with call centers processing EU user data requires a GDPR-compliant DPA as an exhibit.
The TCPA and the FTC's Telemarketing Sales Rule are the primary federal frameworks. Both the call center and the client can be held jointly liable for TCPA violations, with statutory damages of $500–$1,500 per call. Eleven states require all-party consent for call recording. California, Florida, and New York impose additional state-level telemarketing requirements that must be addressed in the compliance exhibit.
Canada's Anti-Spam Legislation (CASL) governs electronic commercial messages, while the CRTC's Unsolicited Telecommunications Rules and the National DNCL regulate voice calls. Express consent is required for most commercial telemarketing. Quebec's Law 25 (privacy law reform) imposes additional data protection obligations that effectively require DPA-equivalent contractual terms for any processor handling Quebec residents' data.
The Privacy and Electronic Communications Regulations (PECR) govern direct marketing calls in the UK, enforced by the ICO alongside UK GDPR post-Brexit. Organisations must screen numbers against the Telephone Preference Service (TPS) before calling. The ICO has issued fines exceeding £500,000 for PECR violations. A UK GDPR-compliant data processing addendum is required when the call center handles UK consumer data.
GDPR Article 28 mandates a written Data Processing Agreement whenever a call center processes EU residents' personal data. Member states apply varying consent standards for marketing calls — Germany and Austria require prior opt-in; France and Italy apply sector-specific rules. The ePrivacy Directive governs electronic direct marketing and is in the process of being updated by the ePrivacy Regulation, which will tighten consent requirements further.
| Path | Best for | Cost | Time |
|---|---|---|---|
| Use the template | Domestic US or single-province Canadian campaigns with a straightforward outbound lead generation or inbound support scope | Free | 30–60 minutes |
| Template + legal review | Multi-state or cross-border campaigns, sensitive consumer data, or contract values above $25,000 | $400–$800 | 2–5 days |
| Custom drafted | Financial services, healthcare, or insurance campaigns subject to industry-specific regulations, or multi-jurisdiction EU/UK programs requiring integrated GDPR compliance | $2,000–$8,000+ | 2–4 weeks |
This document is one of 3,000+ business & legal templates included in Business in a Box.
Access over 3,000+ business and legal templates for any business task, project or initiative.
Customize your ready-made business document template and save it in the cloud.
Share your files and folders with your team. Create a space of seamless collaboration.
"Fantastic value! I'm not sure how I'd do without it. It's worth its weight in gold and paid back for itself many times."
"I have been using Business in a Box for years. It has been the most useful source of templates I have encountered. I recommend it to anyone."
"It has been a life saver so many times I have lost count. Business in a Box has saved me so much time and as you know, time is money."
Stop downloading documents. Start operating with clarity. Business in a Box gives you the Business Operating System used by over 250,000 companies worldwide to structure, run, and grow their business.
Free Forever Plan · No credit card required
