GDPR

Cercme, we take data protection seriously. As a modern CRM platform trusted by businesses to manage sensitive customer information, we are fully committed to complying with the General Data Protection Regulation (GDPR) — the European Union’s comprehensive privacy law that governs how personal data is collected, used, and protected. Our mission is not only to provide powerful and intuitive sales tools but to ensure that the data entrusted to us is treated with the highest standards of privacy, transparency, and accountability.

GDPR came into effect on May 25, 2018, and applies to any organization that processes personal data of individuals located within the European Union (EU), regardless of where the company itself is based. As a global SaaS provider, Cercme’s data handling practices are designed to meet or exceed the requirements outlined in the regulation. Whether you’re an EU citizen or a user anywhere in the world, we extend many of these rights and protections universally as part of our broader commitment to ethical data practices.

Under the GDPR, “personal data” refers to any information relating to an identified or identifiable natural person — such as names, email addresses, phone numbers, IP addresses, or other identifiers used in customer records. Cercme collects and processes such data only when it is necessary for the delivery of our services, for customer support, for platform improvement, or when legally required. We do not collect more data than needed, and we do not process data for purposes unrelated to your use of our platform.

We process personal data in accordance with the lawful bases defined in GDPR, including the necessity of processing for the performance of a contract, compliance with legal obligations, legitimate interests pursued by Cercme or our users, and, where required, user consent. We clearly communicate the purpose of data collection and ensure that users have the ability to review and manage their data preferences at any time.

Cercme implements strong technical and organizational measures to safeguard personal data. These include encryption in transit and at rest, secure authentication, access controls, logging, monitoring, and regular vulnerability testing. We host our services in data centers with strong physical and digital protections, and we engage only with third-party providers that are fully compliant with GDPR and other applicable regulations.

In accordance with GDPR, we are committed to supporting all applicable data subject rights, which include:

• The right to be informed: Users have the right to understand what data is being collected and why.
• The right of access: Users can request a copy of the personal data we hold about them.
• The right to rectification: Users may request corrections to inaccurate or incomplete data.
• The right to erasure (“right to be forgotten”): Users can request deletion of their personal data when no longer necessary or when consent is withdrawn.
• The right to restrict processing: Users can limit how their data is used under certain circumstances.
• The right to data portability: Users may receive their data in a structured, commonly used format.
• The right to object: Users may object to processing that is based on legitimate interests.
• Rights in relation to automated decision-making and profiling: Users have protections against decisions made solely by automated means.

Cercme has established internal procedures for responding to all such requests within the regulatory timeframe. Data subject requests can be submitted by contacting our support team at support@cercme.com. We verify the identity of the requester before fulfilling any access or deletion request to ensure security and accuracy.

We also offer built-in GDPR compliance tools for our customers who use the Cercme platform to manage data subjects of their own. These tools allow businesses to easily export, delete, or anonymize customer records, log consent, and manage communication preferences. This ensures that Cercme customers can fulfill their own obligations as data controllers when using our platform.

Where data transfers are necessary — for example, when data is transmitted between the EU and our hosting infrastructure — we ensure that such transfers are lawful and protected through standard contractual clauses (SCCs) or other approved mechanisms. We continue to monitor updates from regulatory authorities and implement changes as needed to maintain compliance across jurisdictions.

Our team is dedicated to maintaining a culture of privacy awareness throughout our company. We provide training to employees, conduct regular audits, and embed privacy-by-design principles into the architecture of our products. We believe that respecting privacy is not only a legal requirement but also a reflection of the trust our users place in us.

In the event of a data breach, Cercme has a formal incident response policy in place. Should a breach affecting personal data occur, we will promptly notify affected individuals and regulators as required by GDPR. Transparency and swift response are core to how we handle any data security event.

We continue to evolve our practices in line with GDPR and emerging data protection laws around the world. Our compliance efforts are ongoing and proactive, not reactive, and we welcome questions or concerns from users, customers, partners, and regulators. If you have any inquiries related to GDPR, personal data handling, or your rights under the regulation, please reach out to our Data Protection Officer at privacy@cercme.com.

Cercme is proud to support a future where privacy is standard, not optional — and we’re committed to being a trusted partner in your business’s success.