Third-Party Sharing with Advertising and Analytics Partners

What it is

Zendesk shares your website browsing and interaction data with advertising networks, analytics companies, and social media platforms, which may use cookies and trackers to build a profile of your online activity.

Why it matters (compliance & governance perspective)

This sharing with advertising networks means your data may be used beyond Zendesk's own purposes and shared with third parties whose own privacy practices are separate from Zendesk's notice, potentially affecting the scope of data that flows to external entities.

Consumer impact (what this means for users)

Browsing Zendesk's website or interacting with its marketing can result in your data being shared with advertising and analytics third parties through cookies and trackers, which those third parties may use for their own profiling purposes beyond Zendesk's control.

What you can do

Institutional analysis (Compliance & governance intelligence)

(1) REGULATORY LANDSCAPE: This provision engages GDPR and the ePrivacy Directive (Cookie Law) for EU users, requiring informed consent before non-essential cookies are placed. Under CCPA and CPRA, sharing personal data with advertising networks may constitute a 'sale' or 'sharing' of personal information, triggering opt-out rights. The FTC Act's unfair or deceptive practices standards apply to disclosures about third-party data sharing. California's CPRA expanded the definition of 'sharing' to include cross-context behavioral advertising even without monetary consideration. (2) GOVERNANCE EXPOSURE: Medium. Zendesk references OneTrust for cookie consent management, which provides a framework for EU-compliant consent capture; however, compliance depends on the specific configuration of consent categories and whether consent is genuinely prior, informed, and freely given as required by GDPR. The California opt-out obligation (Do Not Sell or Share) must be operationally implemented and linked prominently from the homepage. (3) JURISDICTION FLAGS: EU and UK users have the strongest protections, requiring opt-in consent for non-essential cookies. California residents have a statutory opt-out right under CPRA. Users in other US states with comprehensive privacy laws (Virginia, Colorado, Connecticut) may also have opt-out rights for targeted advertising. Organizations that deploy Zendesk widgets or scripts on their own sites should evaluate whether this third-party data flow is adequately disclosed in their own privacy notices. (4) CONTRACT AND VENDOR IMPLICATIONS: Business customers embedding Zendesk scripts or widgets on their own websites should assess whether those scripts trigger third-party advertising data flows and whether their own cookie notices and consent mechanisms adequately disclose this. Failure to disclose Zendesk-initiated tracking in client-facing privacy notices could create independent liability for business customers. (5) COMPLIANCE CONSIDERATIONS: Zendesk's cookie consent configuration should be audited to confirm that analytics and advertising cookies are categorized correctly and that consent is captured before those scripts fire. The CCPA opt-out mechanism should be tested for functionality and prominence. Organizations relying on Zendesk's consent management should confirm it is kept current with regulatory guidance from the EDPB and CPPA.

Applicable agencies

Applicable regulations

Provision details

Other risks in this policy

• Controller vs. Processor Distinction for Service Data medium
• International Data Transfers (SCCs and Data Privacy Framework) medium
• California Resident Rights (CCPA/CPRA) medium
• EU/UK Data Subject Rights (GDPR and UK GDPR) medium
• Data Retention Policy low
• Corporate Transaction Data Sharing low

Related Analysis

• Meta Removed 438 Sentences From Its Privacy Policy. Here Is What Disappeared.

  ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.

• 23andMe Is Bankrupt. What Happens to Your DNA Now?

  Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.