CoreSwitch Privacy Notice
Last Updated: January 13, 2025
Introduction
CoreSwitch is committed to protecting your privacy. This Privacy Notice explains how we collect, use, share, and secure personal data related to our Services and business operations. It applies to our customers, end users, website visitors, and business contacts.
CoreSwitch follows Binding Corporate Rules (BCRs) to ensure a high standard of data protection globally. We act as either a data controller (determining the purpose and means of data processing) or a data processor (processing data on behalf of customers) depending on the service.
This Privacy Notice does not apply to job applicants; such data is covered under our Global Applicant Privacy Notice.
Personal Data We Collect
The personal data we collect varies based on your relationship with us and the services you use.
Personal Data You Provide Directly:
- Contact Information: Name, email, phone number, company name, business address.
- Customer Account Data: Purchase history, account administrators, billing details, and identity verification (KYC data).
- Customer Content: Communications, uploaded data, and any other information provided via our Services.
- Marketing & Contact Preferences: Data on your marketing choices.
- Payment Information: Credit card, PayPal details, and billing addresses.
- Professional Information: Job title, company details.
- Subscriber Records: Information required by local regulations for specific services.
- Support & Feedback: Messages and interactions with our support team.
Personal Data We Generate or Collect Automatically:
- Communications Usage Data: Phone numbers, call/message metadata, timestamps, and delivery statuses.
- Device Information & IP Addresses: Collected via tracking technologies.
- Online Activity Information: Browsing data, page interactions, session times.
- Security Identifiers (SIDs): Unique API tokens for authentication.
- Customer Proprietary Network Information (CPNI): Telecom usage data.
Personal Data Collected from Other Sources:
- Add-On Services: Data from partner integrations.
- Professional Data: Public or third-party sources.
- Social Media Data: Data from LinkedIn, Meta, etc., depending on user settings.
- Telecom Data: SIM status, phone type, and location details.
How We Use Personal Data
We process personal data for the following purposes:
| Purpose | Personal Data Used | Legal Basis |
|---|---|---|
| Account creation, identity verification (KYC) | Contact info, payment info, subscriber records | Legal obligation, legitimate interest |
| Business operations (accounting, auditing, reporting) | Account data, support & feedback, professional data | Legitimate interest |
| Billing & relationship management | Contact info, payment info | Legitimate interest |
| Service optimization & troubleshooting | Device info, usage data | Legitimate interest |
| Security, fraud detection | Device info, subscriber records, telecom data | Legal obligation, legitimate interest |
| Customer support | Contact info, support messages | Legitimate interest |
| Marketing & analytics | Contact info, social media data | Legitimate interest, consent |
| Legal compliance | Subscriber records, usage data | Legal obligation |
| Product development & research | Usage data, anonymized analytics | Legitimate interest |
How We Share Personal Data
We may share personal data under the following conditions:
- Telecom Providers: To route and deliver communications.
- Third-Party Service Providers: Operational support (e.g., payment processing, cloud storage).
- Add-On Partners: If users integrate third-party services.
- CoreSwitch Group Members: For business operations.
- Legal & Regulatory Compliance: To fulfill legal obligations.
- Business Transfers: In case of mergers or acquisitions.
- Anonymized Data Sharing: For research and analysis.
International Data Transfers
CoreSwitch ensures data protection when transferring data internationally through:
- EU-U.S. Data Privacy Framework
- Binding Corporate Rules (BCRs)
- Standard Contractual Clauses (SCCs)
Data Security & Retention
We implement security measures in line with ISO 27001 and NIST standards:
- Encryption: Protecting data in transit and at rest.
- Access Controls: Restricting access to authorized personnel.
- Threat Monitoring: Detecting and preventing security breaches.
Data Retention: Personal data is stored only as necessary for business or legal reasons. Data is deleted when no longer required.
Your Rights & Choices
Depending on applicable laws, users have the right to:
- Access, correct, or delete their data.
- Restrict or object to data processing.
- Withdraw consent for marketing or tracking.
- Opt-out of targeted advertising.
- Request a human review of automated decisions.
Users can submit requests via self-service tools or contact [email protected].
Special Cases
- Children’s Data: Our services are not for users under 13 (or 16 in some jurisdictions). If detected, accounts will be deleted.
- Automated Decision-Making: We use AI for fraud detection and account verification, with an option for human review.
Contact Information & Updates
Privacy Questions? Contact our Data Protection Officer (DPO): [email protected]
CoreSwitch Headquarters: Fascination Boulevard 216, Rotterdam, 3065WB, The Netherlands.
Changes to this Privacy Notice
CoreSwitch may update this Privacy Notice periodically. Users will be notified of material changes, and consent will be sought where required.
This Privacy Notice ensures compliance with GDPR, CCPA, and industry best practices, providing transparency and control over personal data.