And lightly we skip over a bit of a problem.
Salesforce.com is a (very) US business, so I'm not surprised they casually skip over that rather pesky EU privacy problem, let's call it force of habit.
As far as I can tell, if a European business stores customer data there it will have to seek their explicit consent first as Safe Harbour no longer exists (yes, yes, I know all the excuses that it's still OK - start paying attention to the motives of people telling you that and you'll see what that advise is really worth).
I guess the Salesforce hope is that you're enticed enough by the discounts that you overlook that little niggle. After all, it's not their problem that you will end up in trouble with both regulator and customers.