Zendesk updates its Terms and Policies

July 1, 2017

It only happens once in a blue moon, but it’s here—Zendesk has updated its Master Subscription Agreement (“MSA”) and Privacy Policy! In an effort to better serve our customers, we periodically update our terms to address things like changes in law and the introduction of new features and functionality. In addition, we are always working to revise our agreements to make them easier to read and understand.

We take our responsibilities to our customers seriously and value transparency in our interactions, so we’ve put together this summary of the more significant changes to our terms and policies. We understand it can be tempting to not pay attention to these, but it really is important. Please note that this is also just a summary of the changes. I urge you to review our updated terms and policies carefully to fully understand them.

If You are a new Subscriber, then our updated MSA and Privacy Policy will be effective as of July 1, 2017. If You are an existing Subscriber, we are providing You with prior notice of these changes which will be effective as of August 1, 2017. For our channel customers, such as those customers that purchased a subscription to our products through a reseller, we have made similar changes to our Reseller Subscription Services Agreement that will also be effective July 1, 2017 for new customers and August 1, 2017 for existing customers.

Some of the major updates to our MSA include:

We have completed the BCRs approval process from the European Data Protection Authorities (EU DPAs)

We are pleased to announce that we have received approval for our Binding Corporate Rules (BCRs), covering the personal data of our customers and that of our own European Economic Area (EEA) employees. To gain approval from the EU DPAs, we underwent a robust review of our global group of companies’ data privacy policies and procedures. The BCRs are based on rigorous criteria and we are extremely excited to be one of only a few cloud platforms in the world to have received approval for our BCRs. BCRs are company-specific data protection policies which enable multinational companies to transfer personal data within their group (as data controllers) and to process personal data on behalf of its EEA customers in locations outside the EEA (as data processors), including the use of subprocessors where approved. Our BCRs are also intended to ensure that personal data has an identical level of protection and security no matter where the customer is based in the world and can now be found online here and here.

Definition of Applicable Data Protection Law

We have modified our reference to the EU Directive 95/46/EC in anticipation of the incoming General Data Protection Regulation (GDPR) 2016/679 which becomes effective on May 25, 2018. We are actively preparing for release of the GDPR and we will likely provide additional updated terms prior to the effective date in order to ensure our compliance.

Audit Rights Added – Section 2.1

Although we hope not to use our audit rights, we do need to make sure that our customers use our services in compliance with our agreement. We added the right for Zendesk to ensure your compliance with our agreement along with a true up procedure in the event you are not in compliance.

New Email Campaign Functionality – Section 2.11

In our efforts to constantly improve our service offering, we have added terms in anticipation of new “email campaign” functionality. If you utilize this functionality, you agree that you will not use it to send sensitive information (e.g. SSN, credit card numbers, etc.). We also include additional use restrictions in order to generally restrict the transmission of spam and ensure that our customer’s use of the functionality complies with applicable electronic communications and data laws. This includes the requirement that you obtain consent from your end users (e.g. your customers) to contact them using our services. As Zendesk does not contact or interact with your customers, this provision serves as a reminder that you may have a responsibility to obtain such consents.

Privacy, Cookies, and Usage Data – Sections 3.6 and 3.7

We have revised Sections 3.6 and 3.7 of the MSA to clarify and better explain how we use your information. We have added examples about information that we collect and how we use it. In addition, since we send product announcements and promotional offers to you and your Agents, we’ve included information about how you and your agents may opt out of receiving such communications.

Vendor Payment Portals – Section 6.7

While we are happy to comply with our customers’ reasonable payment processing requests, it’s kind of a bummer when they come with an unexpected fee. We’ve added the ability to invoice you for such fees in the event we are required to incur them.

New Supplemental Terms for Zendesk Chat

As we expand our third party integration capabilities within our Zendesk Chat product, we have included a provision that requires you to certify you have agreed to the third party’s terms of service and have obtained any necessary consent(s) from your customers. Basically, we’re reminding you to review the third party’s terms and your agreements with your customers before enabling such third party services.

New Supplemental Terms for Zendesk Guide

New product and new terms! Most of these terms address the way we charge you for using the Zendesk Guide service. Please review and if you have any questions, feel free to contact your Zendesk account representative for more information.

Privacy Policy

Farewell Safe Harbor, hello Privacy Shield. We have updated our Privacy Policy terms to reflect our ongoing certification with the EU-U.S. and Swiss-U.S. Privacy Shield frameworks. In addition, we have added language to our Privacy Policy indicating the recent approval for our BCRs, which provides one more avenue to demonstrate Zendesk’s commitment to processing personal data in accordance with applicable data protection laws.

That’s all for now!