CM.com designs and develops core applications and services in house. When developing software and systems, Privacy is at the core of the design.
CM.com believes that information and communication related to privacy should be accessible and easy to understand for individuals.
CM.com provides Conversational Commerce services from its cloud platform that connects enterprises and brands to the mobile phones of billions of consumers worldwide.
As a Conversational Commerce service provider that connects customers and consumers around the world, privacy and data protection are critical.
CM.com is entrusted with confidential and personal data of customers such as financial institutions, governments, law enforcement agencies, enterprises and their end-users.
CM.com’s privacy program is therefore extensive and covers a multitude of products and services, with the privacy-by-design and privacy-by-default principles at the core.
CM.com owns and operates its own datacenters and infrastructure around the world for its core services. Our headquarters and primary datacenter are located in the Netherlands.
A multi-disciplinary team of qualified professionals to govern our global privacy program.
We apply the highest standards and principles to the suppliers that help us deliver our services.
Trust, confidentiality, data protection and privacy have been CM.com's core business since 1999.
CM.com processes personal data of customers’ customers, also referred to as end-users, in the delivery of its services. Generally speaking, CM.com shall process this personal data on behalf of its customer and shall therefore qualify as a processor instead of a controller (or similar) under applicable laws. CM.com shall at all times adhere to the agreement with customer and any lawful instructions provided thereunder. This applies for instance to retention of personal data or the categories of personal data that are processed.
Where CM.com determines the goals and means of processing personal data related to end-users, it shall qualify as an independent controller under applicable laws. An example is CM.com’s Messaging and Voice services where certain data must be processed for adequate routing, connectivity and billing of electronic communications. For instance, phone numbers of recipients of SMS traffic. Please refer to the section on communications data below.
In the provision of electronic communications services, CM.com processes data that is necessary for the purpose of conveying communications and for the billing in respect of that communication, in addition to processing communications content data on behalf of customers.
Traffic and Billing Data includes any data that is necessary to carry out the communication and includes naming, numbering or addressing information and data referring to the routing, duration, time or volume of a communication, the protocol used, to the location of the terminal equipment of the sender or recipient, to the network on which the communication originates or terminates, to the beginning, end or duration of a connection and the format in which the communication is conveyed by the network.
This data contains limited personal data as defined under applicable laws, such as phone numbers of recipients. This data is processed by CM.com as an independent controller under applicable telecommunications and privacy laws and regulations.
CM.com utilizes a global network of electronic communications services providers to ensure that the communications of our customers reach their intended recipients, wherever they may be located. In the provision of these communications services, CM.com may therefore transmit communications to third party communications service providers to deliver the communication to the intended recipient. Where these third parties act as mere conduits in transmitting such communications, they are normally not considered (sub)processors of CM.com under applicable laws and thus are not included on the (sub)processor list.
The following specific provisions apply with regard to CM.com's processors and subprocessor's to the jurisdictions below:
“Processor” includes “operator” as defined in the LGPD.
“Personal data” includes “personal information” as defined in the CCPA.
"Controller" includes "personal information processor" as defined in the PIPL.
“Personal data” includes “personal information” as defined in the PIPL.
"Processor" includes "entrusted party" as defined in the PIPL.
“Personal data” includes “personal information” as defined in the APPI.
“Personal data” includes “personal data” as defined in the PDPA.
"Controller" includes "responsible party" as defined in the POPIA.
"Personal data" includes "personal information" as defined in the POPIA.
"Processor" includes "operator" as defined in the POPIA.
Select a region to show relevant information. This may change the language.
Is this region a better fit for you?