If you are in the EU, UK, or Switzerland, GDPR and equivalent laws give you the right to access, fix, delete, or move your personal data, and to object to how Zendesk uses it, including any automated decision-making.
This analysis describes what Zendesk's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
These rights are legally enforceable under GDPR and UK GDPR, and Zendesk is bound to respond within statutory timeframes; failure to honor them can be reported to the Irish DPC (for EU) or the ICO (for UK).
EU and UK users can formally exercise rights including deletion, portability, and objection to processing against Zendesk, with regulatory bodies available to enforce compliance if Zendesk fails to respond adequately.
How other platforms handle this
In addition to the above rights, your local laws (including those in the EU, UK, Japan, California, Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Virginia, or Utah) may afford you f...
If you are a California resident, you may have certain rights under the California Consumer Privacy Act (CCPA). These rights may include: the right to know about personal information collected, disclosed, or sold; the right to delete personal information collected from you; the right to opt-out of t...
Depending on where you live, you may have certain rights with respect to your personal information. These rights may include: The right to know what personal information we have collected about you, including the categories of personal information, the categories of sources from which we collected i...
Monitoring
Zendesk has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights under applicable data protection law: the right to access your personal data; the right to rectify inaccurate personal data; the right to erasure of your personal data; the right to restrict processing; the right to data portability; the right to object to processing; and the right not to be subject to automated decision-making, including profiling, where this produces legal or similarly significant effects.— Excerpt from Zendesk's Zendesk Privacy Policy
(1) REGULATORY LANDSCAPE: This provision directly engages GDPR Articles 15-22, which enumerate data subject rights including access, rectification, erasure, restriction, portability, objection, and rights related to automated decision-making. The Irish Data Protection Commission is Zendesk's lead supervisory authority for EU purposes under the one-stop-shop mechanism. The UK ICO supervises UK GDPR compliance. Switzerland's nFADP creates analogous rights. GDPR Article 12 requires responses to data subject requests within one month, extendable by two further months for complex requests. (2) GOVERNANCE EXPOSURE: Medium. Zendesk's operational capacity to honor data subject requests depends on its internal data mapping and the distinction between data it controls versus data controlled by business customers. For service data processed on behalf of business customers, Zendesk's notice directs individuals to the business customer, which means Zendesk's DSR response procedures for controller data must be carefully separated from processor data. Failure to respond within GDPR timelines can result in supervisory authority complaints and fines. (3) JURISDICTION FLAGS: EU/EEA and UK users have the strongest statutory footing. Swiss residents are covered by nFADP. Organizations in EU member states with historically active DPAs (Germany, France, Netherlands, Austria) should note that local supervisory authorities may also be competent for complaints even under the one-stop-shop mechanism, particularly for local establishment-related processing. (4) CONTRACT AND VENDOR IMPLICATIONS: Business customers must ensure their DPAs with Zendesk include obligations for Zendesk to assist with data subject rights requests under GDPR Article 28(3)(e), and that there is a clear operational process for routing requests that involve service data. The notice's direction to contact the business customer rather than Zendesk for service data must be operationally supported by the business customer's own DSR process. (5) COMPLIANCE CONSIDERATIONS: Zendesk's DSR response process for controller data should be audited for statutory compliance including identity verification, response timelines, and exception documentation. Legal teams should confirm that Zendesk's DPA obligations to assist with DSRs for service data are operationally implementable. Organizations subject to GDPR should include Zendesk in their records of processing activities and document the legal basis for each processing activity disclosed in this notice.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
These rights are legally enforceable under GDPR and UK GDPR, and Zendesk is bound to respond within statutory timeframes; failure to honor them can be reported to the Irish DPC (for EU) or the ICO (for UK).
EU and UK users can formally exercise rights including deletion, portability, and objection to processing against Zendesk, with regulatory bodies available to enforce compliance if Zendesk fails to respond adequately.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Zendesk.