The notice states that users may have rights to access, correct, delete, restrict, object to, or port their personal data depending on their jurisdiction, and provides a privacy request form and email address as the mechanism to exercise these rights.
This analysis describes what Zendesk's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision establishes the procedural mechanism through which data subjects can exercise GDPR, UK GDPR, CCPA/CPRA, and equivalent regional privacy rights against Zendesk as a controller, and specifies that rights requests relating to Service Data must be directed to the relevant Zendesk business customer.
The agreement states that data subject rights including access, correction, deletion, restriction, objection, portability, and consent withdrawal are available depending on jurisdiction, and that requests should be submitted via the privacy request form or to privacy@zendesk.com. For data processed as Service Data within the platform, the notice directs individuals to contact the relevant Zendesk business customer rather than Zendesk.
How other platforms handle this
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
We use information to enhance the quality, reliability, and/or accuracy of our AI Features by creating, developing, training, testing, improving, and maintaining AI and ML models run by Strava or our service providers. We use aggregated, de-identified data for this purpose. We also use personal info...
Monitoring
Zendesk has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Depending on where you are located, you may have certain rights with respect to your personal data, including: The right to access your personal data. The right to correct inaccurate personal data. The right to request deletion of your personal data. The right to restrict or object to processing. The right to data portability. The right to withdraw consent at any time where processing is based on consent. To exercise these rights, please submit a request through our privacy request form or contact us at privacy@zendesk.com.— Excerpt from Zendesk's Zendesk Privacy Policy
(1) REGULATORY LANDSCAPE: Data subject rights are mandated by GDPR Articles 15-22 for EU/EEA residents, UK GDPR for UK residents, CPRA for California residents, and equivalent provisions in Brazilian LGPD, Australian Privacy Act, and other regional frameworks. Enforcement authorities include EU supervisory authorities, the UK ICO, and the California Privacy Protection Agency. (2) GOVERNANCE EXPOSURE: Medium. The routing of rights requests for Service Data to business customers rather than Zendesk creates a dependency on those customers' ability and willingness to fulfill requests in a timely manner consistent with applicable legal deadlines. Failure of business customers to respond within statutory timeframes may expose both the customer and potentially Zendesk to regulatory risk depending on how controller/processor responsibilities are assessed. (3) JURISDICTION FLAGS: EU/EEA and UK data subjects have statutory rights to response within one month with possible extension. California residents under CPRA have 45-day response timelines. Organizations serving residents of multiple jurisdictions should ensure that rights fulfillment workflows account for the most stringent applicable deadline. (4) CONTRACT AND VENDOR IMPLICATIONS: Zendesk's DPA should specify obligations for business customers to assist with data subject rights requests for Service Data, including the timeframes and mechanisms for Zendesk to support those requests. Procurement teams should confirm these obligations are contractually specified. (5) COMPLIANCE CONSIDERATIONS: Organizations using Zendesk should establish internal processes for receiving, logging, and fulfilling data subject rights requests that involve Service Data held in Zendesk systems. This includes documenting the categories of Service Data held in Zendesk and establishing escalation paths for complex or high-volume requests.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision establishes the procedural mechanism through which data subjects can exercise GDPR, UK GDPR, CCPA/CPRA, and equivalent regional privacy rights against Zendesk as a controller, and specifies that rights requests relating to Service Data must be directed to the relevant Zendesk business customer.
The agreement states that data subject rights including access, correction, deletion, restriction, objection, portability, and consent withdrawal are available depending on jurisdiction, and that requests should be submitted via the privacy request form or to privacy@zendesk.com. For data processed as Service Data within the platform, the notice directs individuals to contact the relevant Zendesk business customer rather than Zendesk.
ConductAtlas has identified this type of provision across 3 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Zendesk.