If you are in the EU, UK, or Switzerland, GDPR and equivalent laws give you the right to access, fix, delete, or move your personal data, and to object to how Zendesk uses it, including any automated decision-making.
This analysis describes what Zendesk's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
These rights are legally enforceable under GDPR and UK GDPR, and Zendesk is bound to respond within statutory timeframes; failure to honor them can be reported to the Irish DPC (for EU) or the ICO (for UK).
This geographically-specific GDPR provision was replaced with a location-agnostic 'Data Subject Rights' provision, potentially reducing explicit references to GDPR compliance and automated decision-making protections.
View full change record →EU and UK users can formally exercise rights including deletion, portability, and objection to processing against Zendesk, with regulatory bodies available to enforce compliance if Zendesk fails to respond adequately.
How other platforms handle this
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
We use information to enhance the quality, reliability, and/or accuracy of our AI Features by creating, developing, training, testing, improving, and maintaining AI and ML models run by Strava or our service providers. We use aggregated, de-identified data for this purpose. We also use personal info...
Monitoring
Zendesk has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights under applicable data protection law: the right to access your personal data; the right to rectify inaccurate personal data; the right to erasure of your personal data; the right to restrict processing; the right to data portability; the right to object to processing; and the right not to be subject to automated decision-making, including profiling, where this produces legal or similarly significant effects.— Excerpt from Zendesk's Zendesk Privacy Policy
(1) REGULATORY LANDSCAPE: This provision directly engages GDPR Articles 15-22, which enumerate data subject rights including access, rectification, erasure, restriction, portability, objection, and rights related to automated decision-making. The Irish Data Protection Commission is Zendesk's lead supervisory authority for EU purposes under the one-stop-shop mechanism. The UK ICO supervises UK GDPR compliance. Switzerland's nFADP creates analogous rights. GDPR Article 12 requires responses to data subject requests within one month, extendable by two further months for complex requests. (2) GOVERNANCE EXPOSURE: Medium. Zendesk's operational capacity to honor data subject requests depends on its internal data mapping and the distinction between data it controls versus data controlled by business customers. For service data processed on behalf of business customers, Zendesk's notice directs individuals to the business customer, which means Zendesk's DSR response procedures for controller data must be carefully separated from processor data. Failure to respond within GDPR timelines can result in supervisory authority complaints and fines. (3) JURISDICTION FLAGS: EU/EEA and UK users have the strongest statutory footing. Swiss residents are covered by nFADP. Organizations in EU member states with historically active DPAs (Germany, France, Netherlands, Austria) should note that local supervisory authorities may also be competent for complaints even under the one-stop-shop mechanism, particularly for local establishment-related processing. (4) CONTRACT AND VENDOR IMPLICATIONS: Business customers must ensure their DPAs with Zendesk include obligations for Zendesk to assist with data subject rights requests under GDPR Article 28(3)(e), and that there is a clear operational process for routing requests that involve service data. The notice's direction to contact the business customer rather than Zendesk for service data must be operationally supported by the business customer's own DSR process. (5) COMPLIANCE CONSIDERATIONS: Zendesk's DSR response process for controller data should be audited for statutory compliance including identity verification, response timelines, and exception documentation. Legal teams should confirm that Zendesk's DPA obligations to assist with DSRs for service data are operationally implementable. Organizations subject to GDPR should include Zendesk in their records of processing activities and document the legal basis for each processing activity disclosed in this notice.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
These rights are legally enforceable under GDPR and UK GDPR, and Zendesk is bound to respond within statutory timeframes; failure to honor them can be reported to the Irish DPC (for EU) or the ICO (for UK).
EU and UK users can formally exercise rights including deletion, portability, and objection to processing against Zendesk, with regulatory bodies available to enforce compliance if Zendesk fails to respond adequately.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Zendesk.