Click on the Zendesk products below to see the features and functionality available in each of Zendesk’s products that can support GDPR compliance. If you are a Zendesk Suite customer, the products referenced in the table below correspond to the following functionality that may be made available in your Service Plan (as defined in the Service-Specific terms found here: https://support.zendesk.com/hc/en-us/articles/360047508453-Supplemental-terms-Zendesk-s-service-specific-terms).
產品 | Zendesk Suite Functionality |
---|---|
支援 | Ticketing System Functionality |
Guide | Help Center Functionality |
交談 | Live Chat Functionality |
對話 | Voice Functionality |
Explore | Analytics Functionality |
Meeting a Transparency obligation
Purpose of this Obligation |
Ensure transparent communication with data subjects regarding the processing of their personal data. Ensure data subjects are notified of their privacy rights. |
Features/ |
Zendesk’s Master Subscription Agreement, Privacy Policy, and supporting policies provide a transparent notice to inform its customers. For cross-border transfers of personal data from the EU, Zendesk also offers all three legal mechanisms as detailed here. |
Exceptions to the Obligation |
A data controller may be exempt from these obligations if it cannot identify which personal data in its possession relates to the relevant data subject (i.e., if personal data is anonymized and cannot be re-identified). |
Meeting Access and Correction Obligations
Purpose of this Obligation |
Allow data subjects to require a data controller to rectify any errors in their personal data. |
Features/Functionality to Work Toward Compliance with the Privacy Obligations That Affect You |
Agents and End-Users have access to their profiles to amend inaccuracies, as detailed here for Agents and here for End-Users. |
Exceptions to the Obligation |
Provision of this right to a data subject should not adversely affect an organization’s intellectual property (i.e., giving access to a data subject should not require disclosure of trade secrets). |
Meeting an Erasure or Deletion Obligation
Purpose of this Obligation |
Provide data subjects with the right to delete their personal data if the continued processing is not justified. For example, you may need to delete your customer’s personal data to comply with your privacy obligations. |
Features/Functionality to Work Toward Compliance with the Privacy Obligations That Affect You |
Zendesk enables customers to delete profiles, tickets, images, and attachments that may contain personal data in active Zendesk Support accounts. For more information, see Forgetting a user in Zendesk |
Exceptions to the Obligation |
A company may not be required to delete data, except when one of the following reasons is present:
|
Meeting a Restriction of Processing Obligation
Purpose of this Obligation |
Provide data subjects the right to limit the purposes for which the data controller can process personal data. For example, your customer has filed a complaint or lawsuit against you, and it is your policy to stop processing while the complaint or lawsuit is pending. |
Features/Functionality to Work Toward Compliance with the Privacy Obligations That Affect You |
Zendesk has documented and implemented internal mechanisms for limiting the processing of personal data to only certain specified uses relating to Zendesk products and services. Functionality is currently available to suspend/ Zendesk Support customers can also export and retain data while processing has ceased, as detailed here. |
Exceptions to this Obligation |
The requirement to restrict processing generally may apply under the same circumstances as the right to be forgotten and/or when the following circumstances exist:
|
Meeting a Data Portability Obligation
Purpose of this Obligation |
Provide data subjects with the right to transfer their personal data between data controllers. For example, your customer requests for you to export and provide them with all associated personal data that you store. |
Features/Functionality to Work Toward Compliance with the privacy Obligations That Affect You |
Zendesk has developed and implemented mechanisms to enable its customers to export data from Zendesk Support, as detailed here. |
Exceptions to the Obligation |
Inferred and derived personal data (e.g., a credit score or health assessment) are not included because they are not “provided by the data subject.” Data controllers are not obligated to retain personal data simply for the purposes of providing a copy of the personal data pursuant to a potential data subject request. |
Meeting an Objection Obligation
Purpose of this Obligation |
Provide data subjects with the right to object to data controllers’ further processing of their personal data. |
Features/Functionality to Work Toward Compliance with the Privacy Obligations That Affect You |
Zendesk has documented and implemented internal mechanisms to:
|
Exceptions to the Obligation |
Data controller may need to cease processing upon request unless
|