Table of Contents:
- Sources of Personal Data
- Types of Personal Data We Collect
- How We Use Your Personal Data
- To Whom We Disclose Your Personal Data
- Cookies and Tracking Technologies
- Security and Retention
- Children’s Privacy
- External Links
- Contact Info
- Your Data Protection Rights
- Supplemental Terms for California Residents
- Supplemental Information for the EEA, Switzerland, and the UK
- Supplemental Information for Other Regions
- English Version Controls
This privacy notice (“Notice”) applies to Zendesk, Inc. and its relevant affiliates (“Zendesk,” “us,” “we,” or “our”). Zendesk is a service-first CRM company that builds software designed to improve customer relationships. Zendesk is the controller of personal data described in this Notice, unless otherwise specified. If you are located in the European Economic Area, Switzerland or the United Kingdom, please refer to Section 14(a) of this Notice for more information about which specific entity or entities act as a controller in relation to your personal data.
Our Services are intended for use by businesses. Where our Services are made available to you through a Subscriber of Zendesk, that Subscriber is the data controller of your personal data and you should contact that Subscriber with questions or requests regarding your personal data. Zendesk is not responsible for our Subscribers’ privacy or security practices which may be different from this Notice.
As used in this Notice, “personal data” means any information that relates to, describes, could be used to identify an individual, directly or indirectly. Capitalized terms not defined herein (such as Website, Services, Subscriber, Agent, Agent Contact Information, and other terms) have the meaning provided in our Master Subscription Agreement located here: https://www.zendesk.com/company/agreements-and-terms/master-subscription-agreement/
Applicability: This Notice applies to personal data that Zendesk is the controller of, which may include: (i) data collected through the Zendesk.com website, the Zendesk mobile applications, the Zendesk Marketplace, the Zendesk Developer Portal, our branded social media pages, and other Websites which we operate (collectively, our “Digital Properties”), (ii) data collected in a manner when we post a direct link to this notice, such as in connection with digital communications, paper forms, in person interactions (which may include marketing and outreach activities, like surveys, contests, promotions, sweepstakes, conferences, webinars, and events); (iii) Agent Contact Information; and (iv) data collected about individuals who visit our offices or engage in commercial transactions with us.
This Notice does not apply to the following information:
- Personal Data about Zendesk employees and candidates, and certain contractors and agents acting in similar roles.
- Personal Data that Zendesk processes on behalf of our Subscribers.
Changes: We may update this Notice from time-to-time to reflect changes in legal, regulatory, operational requirements, our practices, and other factors. Please check this Notice periodically for updates. If any of the changes are unacceptable to you, you should cease interacting with us. When required under applicable law, we will notify you of any changes to this Notice by posting an update on our Website (and updating the “Last Updated” date at the beginning of this Notice) or in another appropriate manner.
2. Sources of Personal Data
We collect information about you and how you interact with us in several ways, including:
- Information you provide to us directly. We collect the information you provide to us directly. This includes instances when you register and communicate with us directly through our Digital Properties, when you visit our offices, when you participate in our events, or when you participate in our marketing and outreach activities (including surveys, contests, promotions, sweepstakes, conferences, webinars, and events).
- Information collected from your Employer, Coworkers, or Friends. We may collect and process personal data concerning representatives (e.g., employees) of our current, past and prospective customers, suppliers, investors and business partners from such companies or other employees of such companies. We may also receive your name, address, phone number, and company name from a friend as part of a referral.
- Information from public sources. We may collect information from government entities from which public records are obtained and information you submit in public forums, including information made publicly available on social media networks.
- Information from other third parties. We receive information about you from other third parties, such as third party service and content providers, entities with whom we partner to sell or promote products and services, telephone and fax companies, authentication service providers, data brokers, and social media networks (including widgets related to such networks, such as the “Facebook Like” button). Your interactions with social media features are governed by the privacy statement of the companies that provide them.
We may combine information that we receive from the various sources described in this Notice, including third party sources and public sources, and use or disclose it for the purposes identified below.
3. Types of Personal Data We Collect
The types of personal data that we collect include:
- Identifiers, such as your name, alias, postal address, unique personal identifier, online identifiers (such as various advertising identifiers), instant messaging ID, internet protocol (IP) address, email address, account or user name, phone number, social media identifiers (e.g., Twitter handle, Instagram name, etc.), or other similar identifiers.
- Customer records, such as credit card information. For example, if you sign-up for a free trial Account, you are not required to enter your credit card information unless and until you decide to continue with a paid subscription to our Services. As further described in Section 5, we may use third-party processors to process this information.
- Commercial information and preferences, including records of creditworthiness, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
- Geolocation information, such as longitude and latitude from your IP address or mobile device location; city and state through a webform.
- Audio, electronic, visual, and other sensory information, such as video/photo or audio recordings of our premises (e.g., if you attend an event or visit our offices); recordings of your interactions with our sales, advocacy, and supporting teams (e.g., for quality assurance, training, and analysis purposes in accordance with applicable laws); or customer support chat logs.
- Professional or employment-related information, such as your company or employer, company website, your job title and role, training and certification activity, company information, or business address.
- Inferences drawn from any of the information we collect to create a profile about you reflecting your preferences, characteristics, and behavior.
4. How We Use Your Personal Data
We may use each category of your information described above in the following ways:
- To enable interactions and provide our Services to you. We may use your personal data to create, maintain, customize, administer, and secure your account; enable you to access and use the Websites and the Services; to enter, manage, and fulfill our contract with you or your employer; provide, operate, maintain, improve and promote the Websites and Services; process and complete your contact and support requests and send you related information, including purchase confirmations and invoices; inform you of additional features and other Services offered by us; diagnose, repair and track service and quality issues; facilitate an order, download, expiration or termination; send you transactional messages, provide security alerts and updates, and communicate with you about our data practices; manage and promote conferences, webinars, and events registrations; manage and promote surveys, contests, promotions, and sweepstakes; personalize and improve our Digital Properties and your Services experience; deliver content information relevant to your interests; install and configure changes and updates to programs and technologies related to interactions with us; authenticate those who interact with us; and to respond to your requests, complaints, and inquiries.
- To fulfill a referral request. If you choose to use our referral service to tell a friend about our Services, we will use the name and email address that you provide us to contact your friend. You must only provide your friend’s name and email address if you have a reasonable belief they will not object to Zendesk contacting them.
- For our own business purposes. We may use your personal data to evaluate or audit the usage and performance of programs and technologies related to interactions with us; evaluate and improve the quality of your interactions with us, our Services and Websites, and programs and technologies related to interactions with us; design new services; process and catalog your responses to surveys or questionnaires (e.g., customer satisfaction reviews); record phone calls and/or video meetings for quality assurance, training and analysis purposes in accordance with applicable laws (including obtaining consent or an opportunity to object if required by law); perform internal research for technological development and demonstration; conduct data analysis and testing; credit and payment collection, accounting and other similar business functions; and maintain proper business records and other relevant records.
- Corporate transactions. We may use your personal data in connection with corporate transactions, sales, mergers, acquisitions, reorganizations, bankruptcy, and other corporate events. For example, we may use your personal data to comply with requests of a prospective or an actual purchaser interested in our companies and other assets, or in relation to a prospective or actual purchase of companies or assets by us.
- Consent. We may use your personal data for any other purposes for which you provide consent.
- In a de-identified, anonymized, or aggregated format. Depending on the applicable law, when converted to a de-identified, anonymized, or aggregated format, data may no longer constitute personal data and we may use this information for any purpose not prohibited by law.
EEA individuals: Our legal basis for collecting and using the personal data described above will depend on the personal data concerned and the specific context. We will collect personal data from you where we need the personal data in performance of a contract with you (provide Services to you), where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms, or where we have your consent (which can be withdrawn at any time). In some cases, we may also have a legal obligation to collect personal data from you. For more information, please see Section 14 (“Supplemental Information for the EEA, Switzerland, and the UK”).
5. To Whom We Disclose Your Personal Data
We may share your personal data with the categories of recipients described below:
- Affiliates and subsidiaries. We may share your personal data within our group of companies (known as the “Zendesk Group”), which includes parents and our ultimate holding companies, affiliates, subsidiaries, business units and other companies that we acquire in the future after they are made part of the Zendesk Group, who will use it for the purposes described in this Notice.
- Service providers. We may share your personal data with service providers working on our behalf, such as hosting service providers, IT providers, operating systems and platforms, internet service providers, data analytics companies, and marketing providers. We may also contract with companies to provide certain services, such as identity verification, email distribution, market research, and promotions management. We provide these companies with only the information they need to perform their services and work with them to ensure that your privacy is respected and protected. These companies are prohibited by contract from using this information for their own marketing purposes or from sharing this information with anyone other than with us, unless at our direction as part of providing the service or with your agreement.
- With third parties at your direction or that are necessary to complete transactions. We may disclose your personal data to entities that assist us in fulfilling your orders and requests, such as credit card processors and partners that may supply part of your order. We may also disclose your personal data to third parties that you may direct (such as if you choose to participate in events, offers or promotions that are jointly offered with third parties).
Business partners. We may also provide your personal data to business partners for their own purposes, such as:
- To event sponsors, in which case your information will be subject to the sponsors’ privacy statement(s). If required by applicable law, we will obtain your consent before sharing data with event sponsors.
- To our Subscribers, such as when sharing information about Agents of a Subscriber’s account.
- To channel partners (third-party organizations or individuals that market and sell products and services for us), for the purpose of enabling our channel partners to notify you about our Services. We require our channel partners to provide an opt-out option within their communications to you. By opting-out, you are opting out of receiving future communication from our channel partner.
- To third-party networks and websites for marketing and advertising on third-party platforms and websites.
Professional advisors. We may share your personal data with various professional advisors such as lawyers, accountants, and auditors.
- For legal, security and safety purposes. We may share your personal data to respond to lawful requests by law enforcement or other government authority in accordance with our Government Data Request Policy. We may also share such information if we believe it is necessary in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person; to enforce or apply our Master Subscription Agreement, User Content and Conduct Policy, and other agreements; and to protect our rights and our property or safety of our users or third parties; or to otherwise establish, exercise and defend against legal claims (including by sharing data with opposing or other related parties to the proceedings and their professional advisors); and as otherwise required by law.
- In connection with a corporate transaction. If we sell/acquire some or all of our assets, merge or are acquired by another entity (including through a sale or in connection with a bankruptcy), or engage in other similar forms of corporate change, we will share your personal data with that entity.
- The public. There may be opportunities for you to make public comments regarding us or our products. If you provide testimonials we may post your name along with the testimonial with your consent. If you provide feedback we may post your name along with the feedback with your consent. We may post anonymized testimonials and content feedback without your consent. Our Websites may offer publicly accessible blogs, community forums, comments sections, discussion forums, or other interactive features (“Interactive Areas”). You should be aware that any information you post in an Interactive Area might be read, collected, and used by others who access it.
- Consent. We may disclose your information to other third parties with your consent. We may also de-identity, anonymize, or aggregate personal data to share with third parties for any purpose, if legally permitted.
6. Cookies and Tracking Technologies
Cookies, Pixels, and Similar Tracking Technologies Used: We and our authorized partners also collect information via cookies, web beacons, pixels, tags, embedded scripts, session replay tools, SDKs, Local Storage such as HTML5 and Local Shared Objects (“LSOs,” also known as Flash cookies), or other data retrieval and tracking technologies (“Tracking Technologies”), such as your Internet Service Provider and IP address, device identifier, browser type, operating system, your device’s WiFi MAC address or Bluetooth MAC address, the date and time you access our Digital Properties, the pages you accessed while visiting our Digital Properties, and the Internet address from which you accessed our Digital Properties. Cookies are a type of technology that installs a small amount of information on a user’s computer or other device when they visit a website. Cookies permit a website to, for example, recognize future visits using that computer or device. Some cookies exist only during a single session and some are persistent over multiple sessions over time. We and our partners use these Tracking Technologies to ensure basic functionality of our Digital Properties; to remember user preferences (including your preferences regarding Tracking Technologies); maximize the performance of our Digital Properties and Services; provide you with offers that may be of interest to you; measure the effectiveness of our Digital Properties, marketing campaigns, and email communications; and to personalize online content. These Tracking Technologies may be used to track you over time and across devices, websites, and Services.
Additionally, we may employ, either directly or through third parties, tracking pixels. Tracking pixels are tiny, transparent graphics with a unique identifier, similar in function to cookies, and are used to provide analytical information concerning the user experience as well as to support custom marketing activities for users of our Digital Properties. In contrast to cookies, which are stored on a user’s computer hard drive, tracking pixels are embedded invisibly on web pages. Our Digital Properties may use tracking pixels to help us better manage content, such as by improving the user interface or improving our marketing programs or the marketing of our affiliates, business partners, and other third parties (including for interest-based advertising as described below). The Digital Properties may use information to create aggregate tracking information reports regarding user demographics, traffic patterns and purchases. We may also link tracking information with personal data.
Third-Party Companies: To provide you with a more relevant and interesting experience, we may work with third party companies to display ads or customize the content on our Digital Properties or through other communication channels. These companies may use Tracking Technologies as described in this Notice to gather information about you, which may include your precise location, your visits to the Digital Properties, and your visits elsewhere on the Internet. These companies also may use this information to provide you with more relevant advertising known as interest-based advertising, which may include sending you an ad on another online service after you have left our Digital Properties (i.e., retargeting).
Do Not Track: Some browsers have incorporated Do Not Track (“DNT”) preferences. Most of these features, when turned on, send signals to the website you are visiting that you do not wish to have information about your online searching and browsing activities collected and used. As there is not yet a common agreement about how to interpret DNT signals, we do not honor DNT signals from website browsers at this time. However, you may refuse or delete cookies. If you refuse or delete cookies, some of our website functionality may be impaired or some of the advertising served to you may not be relevant for you anymore. If you change computers, devices, or browsers, or use multiple computers, devices, or browsers, and delete your cookies, you may need to repeat this process for each computer, device, or browser. Please refer to your browser’s Help instructions to learn more about how to manage cookies and the use of other Tracking Technologies. You can also find more information on managing cookies at All About Cookies – Manage Cookies.
7. Security and Retention
We maintain reasonable security procedures and technical and organizational measures to protect your personal data against accidental or unlawful destruction, loss, disclosure, alteration, or use.
Where Zendesk is the controller of personal data, your personal data will be generally retained as long as necessary to fulfill the purposes we have outlined in Section 4 of this Notice. This includes retaining your data to provide you with the Services requested and to interact with you; enable your participation in an event, maintain business relationship with you/your company; to improve our business over time; to ensure ongoing legality, safety and security of our services and relationships or otherwise in accordance with our internal retention procedures.
Once you / your company has terminated the contractual relationship with us or otherwise ended your relationship with us, we may retain your personal data in our systems and records in order to: ensure adequate fulfillment of surviving provisions in terminated contracts, or for other legitimate business purposes, such as in order to evidence our business practices and contractual obligations, to provide you with information about our products and services, or to comply with the applicable legal, tax or accounting requirements. Likewise, we will retain your personal data during the applicable statute of limitation period for the establishment, exercise or defense of potential legal claims.
When we have no ongoing legitimate business need nor lawful legal ground to process your personal data, we will delete, anonymize, or aggregate it or, if this is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible. If you would like to know more about retention periods applicable to your particular circumstance, you can contact us using details provided in Section 11 below.
8. Children’s Privacy
Our Websites and Services are not directed to children under the age of 16 and we do not knowingly collect online personal data directly from children. If you are a parent or guardian of a minor child and believe that the child has disclosed online personal data to us, please contact email@example.com.
9. External Links
When interacting with us you may encounter links to external sites or other online services, including those embedded in third party advertisements. We do not control and are not responsible for the privacy and data collection policies for such third party sites and services. You should consult such third parties and their respective privacy notices for more information or if you have any questions about their practices.
The Master Subscription Agreement, End-User License and other applicable terms for interactions with us can be found at: https://www.zendesk.com/company/agreements-and-terms/
11. Contact Info
Attn: Privacy Team and DPO
989 Market Street
San Francisco, CA 94103, United States
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
12. Your Data Protection Rights
Laws in certain jurisdictions may provide individuals with rights relating to personal data, such as those listed below. We will honor these rights to the extent required by law.
- Access. You may have the right to obtain confirmation from us if personal data is being processed, and related information; and the right to obtain a copy of your personal data undergoing the processing.
- Rectification. You may have the right to request the rectification of inaccurate personal data and to have incomplete data completed.
- Objection. You may have the right to object to the processing of your personal data for compelling and legitimate reasons relating to your particular situation, except in cases where legal provisions expressly provide for that processing. You also have the right to object / opt-out to the processing of your personal data for direct marketing purposes by clicking the unsubscribe link at the bottom of the email marketing communication received or by emailing us at firstname.lastname@example.org.
- Portability. You may have the right to receive your personal data that you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit it to other data controllers without hindrance. This right only exists if the processing is based on your consent or a contract and the processing is carried out by automated means.
- Restriction. You may have the right to request to restrict the processing of your personal data in certain cases.
- Erasure. You may request to erase your personal data if (i) it is no longer necessary for the purposes for which we have collected it, (ii) you have withdrawn your consent and no other legal ground for the processing exists, (iii) you objected and no overriding legitimate grounds for the processing exist, (iv) the processing is unlawful, or erasure is required to comply with a legal obligation.
- Right to lodge a complaint. You also may have the right to lodge a complaint with a supervisory authority in the country where you reside. The contact details for data supervisory authorities in the EEA, Switzerland, and the UK are available here
- Right to refuse or withdraw consent. In case we ask for your consent to processing, you are free to refuse to give consent and you can withdraw your consent at any time without any adverse negative consequences by contacting us using the contact information provided above. The lawfulness of any processing of your personal data that occurred prior to the withdrawal of your consent will not be affected.
- Automated decision-making. We hereby inform you that the types of automated decision-making referred to in Article 22(1) and (4) GDPR does not take place on our Websites or in our Services. Should this change, we will inform you about it and the fact that you have the right not to be subject to those types of decisions based solely on automated processing and to be given more information about why any such decision was made.
In order to exercise your rights (or other rights that may be available to you under your local data protection laws), please contact us using our webform or by emailing us at email@example.com. We try to respond to all legitimate requests within one month of receipt of the request or as otherwise required under applicable law. If the response will take us longer, we will notify you. If we have reasonable doubts concerning your identity, we may request you to provide us with additional information to verify your identity.
13. Supplemental Terms for California Residents
Pursuant to the California Consumer Privacy Act (“CCPA”), this section applies to certain personal data collected about California residents where Zendesk acts as a “business” and supplements the rest of our Notice above. This section does not apply to the following information:
- Information about individuals who are not California residents;
- Information about our own employees, contractors, agents, and job applicants. Such information is subject to a separate privacy notice that we will make available to individuals;
- Information we collect from individuals with whom we engage in solely business-to-business communications and transactions, such as information about the employees of our business partners and customers; and
- Information that we process as a “service provider” to our business customers. In such cases, we follow the instructions of the business that engaged us when processing your personal data, and you should contact that business for more information about how your personal data is processed.
Sources of personal data: See Section 2 above.
Uses of personal data: The business and commercial purposes for which we collect personal information are detailed in Sections 4 and 6 above.
Disclosing personal data: Our data disclosure practices are detailed in the chart below and align with the information provided above in Section 3 (Collection), Section 5 (Disclosures), and Section 6 (Cookies and Tracking Technologies). We do not sell (as such term is defined under the CCPA) personal data, including personal data about individuals under the age of 16.
|Categories of Personal
Information We Collect
|Categories of Third Parties With Whom We Disclose Personal Information for a Business Purpose|
|Commercial information and preferences||
|Internet or other electronic network activity information and device information||
|Audio, electronic, visual, and other sensory information||
- Right to Know. You have the right to request information about the categories of personal data we have collected about you, the categories of sources from which we collected the personal data, the purposes for collecting the personal data, the categories of third parties to whom we have disclosed your personal data, and the purpose for which we disclosed your personal data (“Categories Report”). You may also request information about the specific pieces of personal data we have collected about you (“Specific Pieces Report”).
Right to Delete. You have the right to request that we delete personal data that we have collected from you.
Right to Opt Out. We do not sell personal information.
We will not discriminate against you, in any manner prohibited by applicable law, for exercising these rights.
Verification: In order to process requests, we will need to obtain information to locate you in our records or verify your identity depending on the nature of the request. In most cases, we will request information about you, which may include your name, email address, or other information. If you submit a Right to Know Specific Pieces Report, we may also request a signed declaration, under penalty of perjury, that you are who you say you are. We may request alternative information under certain circumstances and/or use third parties to help verify your identity.
Authorized Agents: Authorized agents may exercise rights on behalf of California consumers, but we reserve the right to also verify the consumer’s identity directly as described above. Authorized agents must contact us by submitting a request through our webform and indicate that they are submitting the request as an agent. Agents must provide evidence of the agent’s identity, proof of registration with the California Secretary of State (if the agent is a business), and at least one of the following documents evidencing proof of the agent’s legal authority to act on the behalf of the individual consumer: (i) Power of Attorney that we can reasonably verify; or (ii) Signed permission by the Consumer.
Timing: We will respond to Requests to Delete and Requests to Know within forty-five days, unless we need more time in which case we will notify you and may take up to ninety days total to respond to your request.
14. Supplemental Information for the EEA, Switzerland, and the UK
The following terms supplement the Notice with respect to our processing of European Economic Area (i.e., European Union Member States, Iceland, Liechtenstein and Norway), Swiss, and UK personal data. To the extent applicable, in the event of any conflict or inconsistency between the other parts of the Notice and the terms of this Section 14, Section 14 shall govern and prevail with regard to the processing of EEA, Swiss and UK Personal Data.
- Data Controller: The Zendesk entity with which you have a primary relationship with (such as the entity that concluded sales/services/supply contract with you; the entity that has provided you with marketing and promotional materials and communications; the primary entity in the region where you access our Website) is the controller of personal data collected from individuals within the scope of this Notice. In the majority of cases, this will be Zendesk, Inc., unless we specifically inform you otherwise. On some occasions, more than one Zendesk entity may process your Personal Data as independent controllers. If you have any questions about controllership, please contact us (see Section 11 for contact information).
Legal bases for processing: We rely on the following legal grounds for the collection, processing, and use of your personal data:
- The processing is necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering into a contract. This includes instances when we need to enable interactions between you and us and to provide our services to you; when we need to facilitate our business relationship with you/companies acting as our investors, suppliers and other business partners; and when we conclude and fulfill our part of the contract with our customers.
- The processing is necessary for compliance with a legal or statutory obligation to which we are subject. This includes instances when we are required by various business laws to carry out various compliance checks (such as export controls) related to our customers, investors, suppliers, and other business partners. It may also include various local tax and accountancy compliance obligations we have to comply with due to the operation of our business.
- The processing is necessary for the purposes of the legitimate interests pursued by us or by a third party. This includes instances where we process your personal data for our own internal business-improvement purposes, certain survey and questionnaires we may carry out, and our marketing activities (for example by sending you digital direct marketing related to similar products/services we have provided to you), unless consent is required under applicable laws. We may also provide some of the auxiliary support to our services based on our legitimate business interest to do so, even though we are not required to do so under our contracts, including through various digital communication and other tools we provide in the course of our business / service relationship with you.
- Where you provided us with your consent to the processing of your data for one or more specific purposes. This includes digital direct marketing communications where your consent is required by law or in other instances where we asked for your consent in order to collect and process your personal data (we will inform you at each such occasion).
- The processing is necessary for reasons of public interest in the area of public health. This may include our legitimate interests and legal obligations in the collection and processing of health data from office visitors or event attendees in the context of a pandemic or related health threatening scenarios in order to protect individuals against serious cross-border threats to health or ensuring high standards of quality and safety of health care;
- The processing is necessary for our legitimate interests in the establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
International Transfers of Personal Data: Due to the global nature of our operations, some of the recipients mentioned in Section 5 of the Notice may be located in countries outside the EEA, Switzerland, or the UK, which do not provide an adequate level of data protection as defined by data protection laws in the EEA, Switzerland and the UK. Certain third countries have been officially recognized by the EEA, Swiss and UK authorities as providing an adequate level of protection and no further safeguards are necessary. The below outlines how we protect your Personal Data when transferring it outside those countries.
Intra-group: Intra-group international transfers will be to countries where Zendesk entities are located, in particular the United States of America. The transfer of your Personal Data outside the EEA, Switzerland and the UK to our group companies located in third countries which do not offer an adequate level of protection in comparison with the EEA, Swiss or UK privacy standards will be based on the following safeguards:
- Zendesk Binding Corporate Rules that have been authorized by the EU data protection authorities, and which enable us to transfer personal data lawfully from EEA member states to other Zendesk Group companies around the world. More information on (including a copy of) our Binding Corporate Rules is available here, and evidence of our Binding Corporate Rules approval is available on the European Commission’s website here; or
- The UK Standard Contractual Clauses, as applicable. We may also utilize addendums and other data transfer agreements specific to certain countries.
Third parties: Some of the third parties with whom we share Personal Data are also located outside the EEA, Switzerland or the UK in third countries, which do not provide an adequate level of data protection as defined by data protection laws in the EEA, Switzerland or the UK. Transfers to third parties located in such third countries take place using an acceptable data transfer mechanism, such as the EU/UK Standard Contractual Clauses, approved Codes of Conduct and Certifications, on the basis of permissible statutory derogations, or any other valid data transfer mechanism issued by the EEA, Swiss or UK authorities. Please reach out to us using the Contact Info above, if you want to receive further information or, where available, a copy of the relevant data transfer mechanism.
Zendesk, Inc., FutureSimple Inc., and Smooch Technologies US Inc. abide by and has certified adherence to the principles of the EU-U.S. and the Swiss-U.S. Privacy Shield frameworks as set forth by the U.S. Department of Commerce; however, we do NOT rely on the Privacy Shield as a lawful mechanism to transfer personal data from the EU, UK, or Switzerland. For more information on the Privacy Shield frameworks, and to view the scope of Zendesk’s certification, please visit https://www.privacyshield.gov/list.
- Intra-group: Intra-group international transfers will be to countries where Zendesk entities are located, in particular the United States of America. The transfer of your Personal Data outside the EEA, Switzerland and the UK to our group companies located in third countries which do not offer an adequate level of protection in comparison with the EEA, Swiss or UK privacy standards will be based on the following safeguards:
- Data Protection Officer: Please find below contact details for our EU and UK data protection officer.
15. Supplemental Information for Other Regions
Australia: Personal data collected, stored, used and/or processed by the Zendesk Group, as described in this Notice, is collected, stored, used and/or processed in accordance with the Australian Privacy Act 1988 (Commonwealth) and the Australia Privacy Principles as we further detail here. If you are dissatisfied with our handling of a complaint or do not agree with the resolution proposed by us, you may make a complaint to the Office of the Australian Information Commissioner (“OAIC”) by contacting the OAIC using the methods listed on their website at http://www.oaic.gov.au. Alternatively, you may request that we pass on the details of your complaint to the OAIC directly.
Brazil: Personal data collected, stored, used and/or processed by the Zendesk Group, as described in this Policy, is collected, stored, used and/or processed in accordance with Lei Geral de Proteção de Dados (“LGPD”). Those individuals who use or access our Websites or Services expressly consent to the collection, use, storage and processing of their personal data by us for the purposes described in this notice.
Canada: Personal data, as defined in the Personal Information Protection and Electronic Documents Act (“PIPEDA”) will be collected, stored, used and/or processed by the Zendesk Group in accordance with the Zendesk Group’s obligations under PIPEDA.
Japan: Personal data collected, stored, used and/or processed by the Zendesk Group, as described in this notice, is collected, stored, used and/or processed in accordance with Japan’s Act on the Protection of Personal Information (“APPI”).
Nevada: We do not presently sell personal data. If you are a Nevada resident, you may nevertheless email us using the information above to exercise your right to opt-out of sale under Nevada Revised Statutes §603A et seq.
New Zealand: Personal data collected, stored, used and/or processed by the Zendesk Group, as described in this notice, is collected, stored, used and/or processed in accordance with New Zealand’s Privacy Act 2020 and its 13 Information Privacy Principles (“NZ IPPs”) as we further detail here.
Singapore: Personal data collected, stored, used and/or processed by the Zendesk Group, as described in this notice, is collected, stored, used and/or processed in accordance with the Zendesk Group’s obligations under the Personal Data Protection Act 2012 (“PDPA”) as we further detail here.
United Kingdom: Personal data collected, stored, used and/or processed by the Zendesk Group, as described in this Privacy Notice, is collected, stored, used and/or processed in accordance with the Zendesk Group’s obligations under the UK Data Protection Act 2018, as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019, as amended, superseded or replaced (“UK GDPR”).
16. English Version Controls
Non-English translations of this notice are provided for convenience only. In the event of any ambiguity or conflict between translations, the English version is authoritative and controls.
Zendesk Inc. and affiliates:
Zendesk, Inc., Zendesk Brasil Software Corporativo Ltda, Zendesk UK Limited, Zendesk International Limited, Zendesk APS, Zendesk Pty., Ltd, Kabushiki Kaisha Zendesk, Zendesk Incorporated, Zopim Technologies Pte., Zendesk GmbH, Zendesk Singapore Pte. Ltd., We Are Cloud SAS, Base sp. z o. o. (Base spółka z ograniczoną odpowiedzialnością), Zendesk Technologies Private Limited, FutureSimple Inc., Zendesk Korea LLC, Smooch Technologies ULC, Cleverly, Unipessoal, LDA.