Privacy Policy

Last Updated December 1, 2024

TM Forum takes privacy and data protection seriously and seeks to comply with all applicable data protection requirements, including the European Union’s General Data Protection Regulation (GDPR).

This Privacy Statement describes who we are, how we collect and use your personal data and how we share that data.  It also sets out your rights under data protection law in relation to our processing of your personal data. 

If you want more information, or if you have any questions about this Privacy Statement, please get in touch with us using the contact details set out below or by email at [email protected]

• Who we are
• Information we collect
• Where we get your personal data
• Why we use your personal data
• What you can do with your information
• How long do we keep your personal data
• Security
• Transfers outside the EEA
• Amendements to this Privacy Statement
• Who receives your personal data
• About Cookies
• Our Contact Details

Who we are

TM Forum has 800+ member companies and we provide these companies and their employees with a number of different services which are designed to support our members in exploiting new business opportunities and resolving business challenges.

Our activities also include organising conferences and events; providing training and certification; facilitating collaboration programs

Our headquarters and principal place of business is at 181 New Road, Suite 304, Parsippany, New Jersey 07504 United States of America

We are registered in England and Wales as TM Forum Ltd under registration number 11121779, and our registered office is at 6th Floor 25 Farringdon Street, London, United Kingdom, EC4A 4AB

TM Forum is a non-profit organisation dedicated to improving business effectiveness for service providers and their suppliers in the communications and media industries. TM Forum is headquartered in the USA and has a registered office in the United Kingdom.

Information we collect

We collect your biographical data

We collect the following biographical data: name, address, phone number, email address, and profile pictures.  When you participate in our training courses, we will collect data about your educational qualifications and the results you obtain when doing the course. We will also collect information that you post for publication on our websites

We collect your payment data

if you purchase products from TM Forum, we will need to collect your card details from you to process your payment.

We collect data from your interactions with us

If you interact with us we will record details of those interactions.  For example, we will collect details of phone calls, email correspondence and hard copy correspondence. 

When you interact with us online we will automatically collect data about your use of our services, including data on the type of device you’re using, its IP address, your browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. For further information see our cookies policies below.

TM Forum collects personal information about you so that we can provide you with our services and products. This includes your biographical data, your payment data, and data from your interactions with us.

Where we get your personal data

We will collect personal data from you when you interact with us, for example if you register for an event, request information or support, use our services (including our websites) or purchase our products.

Sometimes we will obtain your personal data from others, including in particular your employer. For example, your employer may provide us with your personal data when organising training for staff; registering you for an event; participating in a workshop; adding you to a CurateFx project team or nominating you to participate in a Smart City or Digital Maturity benchmark survey.

In addition our servers, logs and other technologies automatically collect certain information to help us administer, protect and improve our services, analyse usage and improve users’ experiences.

We collect the personal data that you give us and personal data that we obtain from others, for example your employers.

Why we use your personal data

We will process your personal data on the basis of your consent

If you consent to us sending you marketing messages about our products and services we will process your personal data in order to send you marketing messages and to make sure that any marketing messages that we send you are relevant to you.

You can use the privacy controls on our websites to specify whether you would like to receive a direct marketing communication and limit the publication of your information.  You can withdraw your consent to the processing of your personal data at any time. You can access the privacy controls at www.tmforum.org/my-account.

When you visit our website you will be asked to consent to the placement of cookies on your device.  You do not have to accept our cookies but if you don’t your experience may not be as fulfilling as it would otherwise be. 

We will process your personal data where the processing is necessary for the performance of our contract with you or in order to take steps at your request before entering a contract

We will collect and process biographical personal data from you, namely your name, telephone number, address, email address and IP address in order to provide our products and services to you and perform our contract with you.  Where the contract is one for paid products or services we will also collect your credit or debit card details. Where the contract relates to training or research we may also collect data regarding your educational qualifications and/or experience. 

We will use this data to ensure that we know who you are and that we comply with our obligations under the contract. More specifically we will use this data to:

• manage and administer your membership account and maintain your entry in our membership directory or other products and services that we provide to you
• establish your eligibility for products and services and supply you with those products and services
• process your applications for participation in events that we run, including conferences, seminars, workshops and training
• process payments that are paid by you
• contact you by post, phone, text message, email, social media, or fax using our online website or other means
• monitor and record our conversations when we speak to you on the telephone (for example, to check your instructions to us, to analyse, to assess and improve customer service and for training and quality purposes)
• manage and respond to a complaint or appeal
• keep proper records

We will process your personal data when we have a legitimate interest in doing so

At times we will need to process your data to pursue our legitimate business interests, for example for administrative purposes, to provide information to you, to operate, evaluate, maintain, develop and improve our websites and services or to maintain their security.  We will not process your data on a legitimate interest basis where the impact of the processing on your interests and rights outweigh our legitimate interests.

We will process the following personal data on the basis of our legitimate interests:

• data about how you use our website and services for the purpose of analysing the use of the website and services
• data relating to your account (including your name and email address) for the purpose of operating our websites, providing our services, ensuring the security of our website and services, and maintaining our backups of your data bases.
• data included in your personal profile on our website for the purpose of enabling and monitoring your use of our website and services.
• data you submit to us relating to an enquiry about our products and services

If do not want us to process your personal data on the basis of our legitimate interests, let us know and we will double check to make sure that our interests in processing your personal data don’t outweigh your interests and rights.

We will process your personal data to comply with our legal and regulatory obligations

We may need to use your information to comply with legal and regulatory obligations, including complying with your information rights, with reporting obligations and with court orders.  We may also need to process your personal data to protect your vital interests or those of another person.

We use your personal data to provide you with our services and to assist us in the operation of our business. Under data protection law, we must ensure that there is an appropriate basis for the processing of your personal data and let you know what that basis is.

We process your personal data on the basis that a) you have consented to the processing; b) the processing is necessary for the performance of our contracts with you or in order to take steps at your request before entering a contract; c) the processing is necessary in order for us to pursue our legitimate interests; and/or d) the processing is required by law.

What you can do with your information

You can ask for access to the information we hold on you

You have the right to ask for all the information we have about you and the services you receive from us. When we receive a request from you in writing, we must give you access to everything we’ve recorded about you as well as details of the processing, the categories of personal data concerned and the recipients of the personal data.

We will provide the first copy of your personal data free of charge but we may charge you a reasonable fee for any additional copies.

We cannot give your access to a copy of your data if this would adversely affect the rights and freedoms of other. For security reasons we will not give your access to credit/debit card details but will delete these from our systems at your request.

You can ask to change information you think is inaccurate

You should let us know if you disagree with something included in your personal data.

We may not always be able to change or remove that information but we’ll correct factual inaccuracies and may include your comments in the record to show that you disagree with it.  

You can ask to delete information (right to be forgotten)

In some circumstances you can ask for your personal information to be deleted, for example, where: 

• your personal information is no longer needed for the reason that it was collected in the first place
• you have removed your consent for us to use your information (where there is no other legal reason us to use it)
• there is no legal reason for the use of your information

• deleting the information is a legal requirement

Where your personal information has been shared with others, we’ll do what we can to make sure those using your personal information comply with your request for erasure.

Please note that we can’t delete your information where:

• we’re required to have it by law
• it is used for freedom of expression 
• it is used for public health purposes
• it is for scientific or historical research or statistical purposes where deleting the data would make it difficult of impossible to achieve the objectives of the processing
• it is necessary for legal claims. 

You can ask us to limit what we use your personal data for

 You have the right to ask us to restrict what we use your personal data for where:

• you have identified inaccurate information, and have told us of it
• where we have no legal reason to use that information but you want us to restrict what we use it for rather than erase the information altogether

When personal data is restricted it can’t be used other than to securely store the data and with your consent to handle legal claims and protect others, or where it’s for important public interests.

Where restriction of use has been granted, we’ll inform you before we carry on using your personal data.

You have the right to ask us to stop using your personal data for any of our services. Where possible we’ll seek to comply with your request, but we may need to hold or use data because we are required to by law. You should also be aware that If your request is approved this may cause delays or prevent us delivering that service. 

You can ask to have your personal data moved to another provider (data portability)

You have the right to ask for your personal information to be given back to you or another service provider of your choice in a commonly used format. This is called data portability.

This right only applies if we’re using your personal information with consent and if decisions were made by a computer and not a human being. It does not apply where it would adversely affect the rights and freedoms of others.

You can make a complaint

You have the right to lodge a complaint with the local supervisory authority for data protection in the EU member state where you usually reside, where you work or where you think an infringement of data protection law took place.

You have a number of rights to control the personal data we use and how we use it. This includes the right to access your personal data, rectify inaccuracies, request that your data be deleted, restrict and/or object to the processing of your data and transfer your personal data to other entities. You may exercise these rights by contacting us via email at [email protected], or by sending a letter to the following address: TM Forum, 181 New Road Suite 304, Parsippany, NJ 07054 USA

How long do we keep your personal data

We will retain data about your use of our websites, products and services and data about your account for three years following the date of last processing of that data. At the end of this three year period, we will remove this data from our systems.

In some circumstances it is not possible for us to specify in advance the period for which we will retain your personal data. In such cases we will determine the appropriate retention period based on balancing your rights against our legitimate business interests.

We will always retain your personal data where this is necessary for compliance with a legal obligation to which we are subject or in order to protect your vital interests or those of another person.

We only keep your data as long as it is necessary for the purposes of processing it or to comply with legal or regulatory requirements. 

 Security

We update and test our security technology on an ongoing basis. We restrict access to your personal data to staff who need to have access to it to provide services or benefits to you.  We also train our employees about the importance of confidentiality and maintaining the privacy and security of your information.

We are committed to protecting the security of your personal information and have implemented appropriate physical, technical and administrative safeguards.

Transfers outside the EEA

When we transfer personal data to the US, we rely on the Standard Contractual Clauses under Article 46.2 of the GDPR

We may transfer your personal data to our Headquarters . Where necessary, we ensure the safety of your personal data through the adoption of Standard Contractual Clauses

Amendments to this Privacy Statement

We will post any changes on the website and when doing so will change the updated date at the top of this privacy notice.  Please make sure to check the date when you use our services to see if there have been any changes since you last used those services. If you are not happy with any changes that we have made you should cease using our services.

In some cases we may provide you with additional notice of changes to this privacy statement, such as via email. We will always provide you with such additional notice well in advance of the changes taking effect where we consider the changes to be material.

We may change this Privacy Statement from time to time.

Who receives your Personal Data

We share personal data with members of our group

We may share your personal data with any member of our group of companies (including our subsidiaries, our ultimate holding companies and all its subsidiaries) in so far as reasonably necessary for the purposes set out in this policy.

We share personal data with our agents, consultants, service providers, and representatives of member organizations.

We may share your personal data with our agents, consultants and service providers who process personal data on our behalf to perform functions related to the products and services that we provide. These organisations include our event organisers and registration provider (Stova, US and FieldDrive, EU), database service providers (Pagely, US and Microsoft Azure, US), backup and disaster recovery service providers, email service providers (Microsoft Office 365, US), payment service providers (PayPal, US and Stripe, US), learning management system providers (LearnUpon, Ireland), online Community provider (Higher Logic, US), CRM system providers (Salesforce), Marketing Automation provider (Marketo), survey provider (SurveyMonkey, US), accounting system provider (Sage Intacct, US), collaboration platform providers (Clearvision, US), data analytics and Business Intelligence providers (Google Analytics, US; Microsoft, US; Hotjar US, Feathr, US), and webinar service providers (GotoWebinar, US and ON24, US), Digital Maturity Model and Smart City Maturity Model Apps (Kumulos, US and Auth0, EU). Digital advertising platform provider (LinkedIn). When we engage another organisation to perform functions for us, we may provide them with information including personal data, in connection with their performance of those functions. We may display on our membership website your entry in our membership directory. We do not allow third parties to use personal data except for the purpose of providing these services.

We share personal data with our insurers and/or professional advisers

We may disclose your personal data to [our insurers and/or professional advisers] insofar as reasonably necessary for the purposes of [obtaining and maintaining insurance coverage, managing risks, obtaining professional advice and managing legal disputes].

We share data between users of the Digital Maturity Model and other benchmark surveys

We may share anonymised benchmarking with other survey users and/or survey sponsors for research purposes. There is no link to any personal data.

Anonymised benchmarking data is also supplied in aggregate form to sponsors for research purposes. There is no link to any personal data.

We share personal data with sponsors of our Executive Connect Program

When you participate in our Executive Connect Program, we will collect certain data from you. We will use this data to ensure you qualify to participate in our Executive Connect Program, inform you of related activities/events and help our sponsors know more about you when they select their meetings. More specifically:

• Job title/ Business areas, company details and purchasing/budget authority details (details on your application form) are provided to TM Forum staff as well as to Meeting Service sponsors to assist in their selecting the delegates they would like to meet with.
• Contact details are kept confidential and are not provided to any sponsor until after you have met with them. Mobile phones are kept confidential to TM Forum staff only unless you have given your consent to provide it to a specific company.

We share personal data for legal and regulatory purposes

We will also disclose your personal data if required to do so by law, in order to respond to a court order or request from law enforcement or other public authority and in order to meet national security or law enforcement requirements.  We will disclose your personal data if this is necessary to comply with:

•  a legal obligation
• protect or defend our rights, interests or property [or that of a third party]
• prevent or investigate possible wrongdoing in connection with our services
• act in urgent circumstances to protect the personal safety of one or more individuals
• protect against legal liability.

We may share personal data with your employer.

We may share your personal information along with information on your use of our websites and services with your employer if they are a member of TM Forum.

We share your information with a range of organisations for the purpose of providing our products and services to you. We may also share your personal data where this is necessary because of legal or regulatory .

About cookies

Cookies may be either “persistent” cookies or “session” cookies:

• a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date;
• a session cookie will expire at the end of the user session, when the web browser is closed

Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.

A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.

Why we use cookies

Cookies help us improve the products and services that we offer you. Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.

We use cookies to:

• identify you when you visit our website and as you navigate our website (authentication cookies)
• help us to determine if you are logged into our website and to facilitate single sign on
• store information about your preferences and to personalize the website for you
• help us to protect user accounts, including preventing fraudulent use of login credentials, and to protect our website and services generally
• help us to display advertisements that will be relevant to you
• help us to analyze the use and performance of our website and services; and
• store your preferences in relation to the use of cookies more generally.

Cookies & Consent

For a list of cookies used by our site and to manage your consent click here.

Our Contact Details

Your privacy is important to us. If you have any comments or questions regarding this Privacy Statement, you can contact us at:

• by post, using the postal address given above;

• using our website contact form;

• by telephone, on the contact number published on our website

• by email, using the email address [email protected]