• Sign in
  • Product Support
  • Company
    • About us
    • Press
    • Investors
    • Events
    • Careers
    • Diversity & Inclusion
    • Social Impact
    • Legal
  • Contact us
  • English
    • English (US)
    • English (UK)
    • Español
    • Español (LATAM)
    • Português
    • Français
    • Deutsch
    • Italiano
    • Nederlands
    • 日本語
    • Pусский
    • 한국어
    • 繁體中文 (台灣)
    • 繁體中文 (香港特區)
    • ไทย
  • Zendesk. Be the company your customers want you to be.
  • Contact Us
  • Toggle Mobile Menu
  • Products
    • Zendesk for service

      The complete service solution

    • Zendesk for sales

      The modern sales solution

    • Platform and APIs

      Including Zendesk Sunshine

    • Marketplace

      Apps, integrations, and partners

  • Pricing
    • Zendesk for service

      The complete service solution

    • Zendesk for sales

      The modern sales solution

  • Solutions
    • Enterprise

      Have conversations at scale

    • SMB

      Grow without growing pains

    • Startups

      Get off on the right foot

    • Internal help desk

      Treat employees like customers

    • Industries

      Meet your market’s needs

  • Demo
  • Services
  • Resources
    • Library

      Blog, guides, and best practices

    • Events and webinars

      Learn from wherever you are

    • Webinars

      Learn from wherever you are

    • Events

      Let’s meet up—from a safe social distance

    • Training and certification

      Learn how to use Zendesk and prove your expertise

    • API & Developers

      Info for building things with Zendesk

    • Partners

      How to locate or become a Zendesk partner

    • Customer stories

      See what success with Zendesk looks like

  • Company
    • Contact us
    • About us
    • Press
    • Investors
    • Events
    • Careers
    • Diversity & Inclusion
    • Social Impact
    • Legal
  • Language
    • English (US)
    • English (UK)
    • Español
    • Español (LATAM)
    • Português
    • Français
    • Deutsch
    • Italiano
    • Nederlands
    • 日本語
    • Pусский
    • 한국어
    • 繁體中文 (台灣)
    • 繁體中文 (香港特區)
    • ไทย
  • Get started
  • Sign in
Legal Information and Resources
  • Contact Information
  • Customers and Partners
  • Policies and Procedures
  • Trademarks and Intellectual Property
  • Procurement and Suppliers
Customers and Partners
  • Website Terms of Use
  • Privacy Policy
  • Privacy and Data Protection
  • Cookie Policy
  • Master Subscription Agreement
  • Application Developer and API License Agreement
  • Referral Partner Agreement
  • Reseller Subscription Services Agreement
  • Marketplace Terms of Use
  • Candidate Privacy Notice

Privacy and Data Protection

More information on security resources

  • Overview
  • GDPR
  • CCPA
  • LGPD
  • Data Processing Agreement
  • Binding Corporate Rules
  • Privacy Shield
  • Transparency Report
  • Resources

Click on the Zendesk products below to see the features and functionality available in each of Zendesk’s products that can support GDPR compliance. If you are a Zendesk Suite customer, the products referenced in the table below correspond to the following functionality that may be made available in your Service Plan (as defined in the Service-Specific terms found here: https://support.zendesk.com/hc/en-us/articles/360047508453-Supplemental-terms-Zendesk-s-service-specific-terms).

  • Zendesk Support
  • Zendesk Guide
  • Zendesk Chat
  • Zendesk Talk
  • Zendesk Explore
  • Zendesk Connect
Product Zendesk Suite Functionality
Support Help Desk Functionality
Guide Help Center Functionality
Chat Live Chat Functionality
Talk Voice Functionality
Explore Analytics Functionality

Zendesk Support

Transparency and Accountability

Purpose of the GDPR Obligation

Ensure transparent communication with data subjects regarding the processing of their personal data.

Ensure data subjects are notified of their rights under the GDPR.

Features/Functionality to Work Toward Compliance with the GDPR Obligations That Affect You

Zendesk’s Master Subscription Agreement, Privacy Policy, and supporting policies provide a transparent notice to inform its customers.

In addition, Zendesk offers all three legal mechanisms for cross-border transfers of personal data from the EU, as detailed here.

Exceptions to the GDPR Obligation

A data controller is exempt from these obligations if it cannot identify which personal data in its possession relates to the relevant data subject (i.e., if personal data is anonymized and cannot be re-identified).

Access and Rectification

Purpose of the GDPR Obligation

Allow data subjects to require a data controller to rectify any errors in their personal data.

Features/Functionality to Work Toward Compliance with the GDPR Obligations That Affect You

Agents and End-Users have access to their profiles to amend inaccuracies, as detailed here for Agents and here for End-Users.

Exceptions to the GDPR Obligation

Provision of this right to a data subject should not adversely affect an organization’s intellectual property (i.e., giving access to a data subject should not require disclosure of trade secrets).

Right to be Forgotten

Purpose of the GDPR Obligation

Provide data subjects with the right to delete their personal data if the continued processing is not justified.

For example, you may need to delete your customer’s personal data to comply with your GDPR obligations.

Features/Functionality to Work Toward Compliance with the GDPR Obligations That Affect You

Zendesk provides customers with the option to delete profiles, tickets, images, and attachments that may contain personal data in active Zendesk Support accounts.

  • Agent Profile Deletion: Zendesk currently supports the deletion of Agent profile information, as described here.
  • End-User Profile Deletion: Zendesk currently supports the deletion of End-User profile information, as described here.
  • Ticket Deletion: Tickets can be deleted by following the steps outlined here.
  • Attachment and Image Deletion: Customers can delete attachments and images by deleting the Support tickets to which those attachments and images are attached.
  • Zendesk APIs can be used to do a variety of functions, such as bulk permanent deletion, as detailed here.

In addition, Zendesk Support customers can leverage the following APIs to assist with their GDPR compliance efforts:

  • Delete ticket
  • Bulk delete tickets
  • Permanently delete ticket
  • Bulk permanently delete tickets
  • Search solved tickets

Exceptions to the GDPR Obligation

A company is not required to delete data, except when one of the following reasons is present:

  • The personal data is no longer needed in relation to the purposes for which it was collected or otherwise processed.
  • The data subject withdraws consent, and there are no other legal grounds for processing.
  • The data subject objects to processing, and there are no overriding legitimate grounds for processing.
  • The personal data has been unlawfully processed.
  • The personal data has to be erased for compliance with a legal obligation.
  • The personal data has been collected in relation to the offer of information society services to a minor under 16 years old.

Restriction Processing

Purpose of the GDPR Obligation

Provide data subjects the right to limit the purposes for which the data controller can process personal data.

For example, your customer has filed a complaint or lawsuit against you, and it is your policy to stop processing while the complaint or lawsuit is pending.

Features/Functionality to Work Toward Compliance with the GDPR Obligations That Affect You

Zendesk has documented and implemented internal mechanisms for limiting the processing of personal data to only certain specified uses relating to Zendesk products and services. Functionality is currently available to suspend/unsuspend End-Users, as detailed here.

Zendesk Support customers can also export and retain data while processing has ceased, as detailed here.

Exceptions to the GDPR Obligation

The requirement to restrict processing generally applies under the same circumstances as the right to be forgotten and/or when the following circumstances exist:

  • The accuracy of the personal data is contested (and only for as long as it takes to verify that accuracy).
  • The processing is unlawful, and the data subject requests restriction (and the data subject is not exercising the right to be forgotten).
  • The data controller no longer needs the personal data for the original purpose but still requires it to establish, exercise, or defend a legal right.
  • Verification of overriding ground is pending (in the context of a deletion request).

Data Portability

Purpose of the GDPR Obligation

Provide data subjects with the right to transfer their personal data between data controllers.

For example, your customer requests for you to export and provide them with all associated personal data that you store.

Features/Functionality to Work Toward Compliance with the GDPR Obligations That Affect You

Zendesk has developed and implemented mechanisms to enable its customers to export data from Zendesk Support, as detailed here.

Exceptions to the GDPR Obligation

Inferred and derived personal data (e.g., a credit score or health assessment) are not included because they are not “provided by the data subject.”

Data controllers are not obligated to retain personal data simply for the purposes of providing a copy of the personal data pursuant to a potential data subject request.

Objection to Processing

Purpose of the GDPR Obligation

Provide data subjects with the right to transfer their personal data between controllers.

Features/Functionality to Work Toward Compliance with the GDPR Obligations That Affect You

Zendesk has documented and implemented internal mechanisms to:

  • Cease processing personal data based upon specific data subject requests, confirmed instructions by Zendesk’s customer in its capacity of data controller, and the particular reasoning for objecting to processing.
  • Cease processing for direct marketing purposes upon request.
  • Cease processing of personal data for scientific, historical, or statistical purposes.

Exceptions to the GDPR Obligation

Data controller must cease processing upon request unless:

  • The data controller demonstrates compelling legitimate grounds for processing that override the interests, rights, and freedoms of the data subject.
  • The data controller requires the data in order to establish, exercise, or defend legal rights.
  • Processing for scientific, historical, or statistical purposes is carried out for reasons of public interest.
Zendesk

Champions of customer service

Our Products
  • Zendesk for service
  • Zendesk for sales
  • Platform and APIs
  • Marketplace
  • Product updates
Top Features
  • Ticketing system
  • Messaging & live chat
  • Help center
  • Voice
  • Community forums
  • Reporting & analytics
  • Answer Bot
  • Customer service software
  • Ticketing system software
  • Live chat software
  • Knowledge base
  • Forum software
  • Help desk software
  • Security
Resources
  • Product support
  • Request a demo
  • The Library
  • Training
  • Partners
  • Webinars
  • Webinars
  • Customer Stories
  • Services
Company
  • About us
  • Press
  • Investors
  • Events
  • Careers
  • Diversity & Inclusion
  • Social Impact
  • Contact us
  • Sitemap
  • System status
  • Product help
  • Legal
Favorite Things
  • Zendesk for Enterprise
  • Zendesk for Small Business
  • Zendesk for Startups
  • Zendesk Benchmark
  • Gartner CRM Magic Quadrant
  • Customer Experience Trends

Enter the fold

Subscribe to our newsletter.

Please enter a valid email address
Please also send me occasional emails about Zendesk products and services. (You can unsubscribe at any time.)
Please select an option

Welcome to the club!

Sorry, something went wrong!

Please reload the page and try again, or you can email us directly at support@zendesk.com.

Terms of Use Privacy Policy Cookie Policy Cookie settings ©Zendesk 2021