Ir al contenido principal

Article 3 min read

EU-US data transfers after Schrems II

Por Shanti Ariker, SVP, General Counsel and Maarten Van Horenbeeck, SVP & Chief Information Security Officer

Última actualización en November 8, 2022

Here at Zendesk, we believe that trust is at the core of all our interactions with our customers. We recognize the importance of customer trust and of customers’ privacy and the security of their data. Global privacy regulations are evolving at a rapid pace and we are focused on providing the tools our customers need to enable compliance.

As a customer, it’s important to understand how vendors use and secure your data. That is why we strive to be transparent about Service Data processed by our products and services, whether there is an international transfer of data, and what risks are associated with the type of data or processing concerned.

Since the Schrems II decision in July of 2020, regarding the legality of transatlantic data transfers, we have taken the following steps to enable cross-border transfers of personal data in accordance with EU privacy requirements:

Binding corporate rules and Standard contractual clauses

We provide EU Binding Corporate Rules (“BCR”) for both Controller and Processor, considered the “gold standard” for international data transfers. BCRs are company-wide data protection policies that have been approved for data transfers by our Data Protection Authority. We provide a Data Processing Agreement (DPA), which incorporates our EU BCRs and the new June 2021 Standard Contractual Clauses (SCCs). Our DPA also provides additional safeguards to Annex II of the new DPA/SCCs and provides details on our system access controls, data access controls, transmission controls, and network architecture and security.

Transfer impact assessment guide

We also provide a Transfer Impact Assessment Guide to assist you with knowing your transfers and enabling you to complete the required case-by-case privacy impact assessment and analysis (upon request).

Transparency report

When it comes to government surveillance, we believe that law enforcement and national security agencies should engage customers first, rather than service providers. We have received very few law enforcement requests over the years, as detailed in our transparency report, which we update every six months. We have not and will not build any backdoors to allow government authorities to circumvent our security measures.

Certifications

We regularly undergo self-assessment and independent, external testing and certification. Our security certifications from third-party auditors include SOC 2 Type II, ISO 27001:2013, and ISO 27018:2014.

Regional data hosting options

We also offer a way to store your data on a regional basis. You have the option to have your service data for select covered functionality hosted in the United States, European Economic Area (EEA), Japan (JP), or Australia (AU). A full description of which services can be hosted in your chosen region is located in our regional data hosting policy page.

Looking ahead: Zendesk’s roadmap for future trust features

In this rapidly changing regulatory environment, we are committing to building additional features to provide an enhanced level of protection for our customers.

During 2022, Zendesk is working on the following privacy and data protection features to support customers:

  • Bring your own key (BYOK) encryption that will give customers the ability to encrypt their service data using their own enterprise key management system
  • Data Center Location support for all Agent Workspace features
  • Improved data deletion, access control and auditing features on customer data
  • An offering to provide EU-only based customer support, to limit the location of customer advocates with access to your service data

Zendesk is committed to supporting our customers in navigating new data protection and privacy regulations. We are encouraged by the ongoing discussions between the European Commission and the United States government to build a new framework for Europeans’ personal data that is transferred to the United States.

Have questions? Please contact your Zendesk account executive or our privacy team at euprivacy@zendesk.com.

For more information on our privacy and security program, please see the below resources:
Schrems II – Frequently Asked Questions (FAQ) guide
Data processing addendum with new SCCs
Regional data hosting policy
Transparency report
How we protect your service data
Information on U.S. Privacy Safeguards White Paper by the U.S. Dept. of Commerce

Relatos relacionados

Podcast
2 min read

Building AI-powered experiences for humans—with Upwork’s Brent Pliskow

With AI at the heart of their support operation, Upwork is raising the bar for their customers and their internal teams.

Podcast
1 min read

Lessons from an AI success story—with XP’s Guilherme Kolberg

Hear how one of Latin America’s largest investment firms is leveraging AI to improve their customer experiences and already seeing results.

Podcast
1 min read

Direct from Relate 2024—with Zappos Insights co-creator Robert Richman

Join us in Las Vegas where we sat down with Robert Richman, author of The Culture Blueprint, and had attendees place their bets on the future of customer service.

Podcast
1 min read

AI and the next CX revolution—with Zendesk’s Adrian McDermott and Teresa Haun

Join Zendesk experts Adrian McDermott and Teresa Haun as they unpack the history of CX transformation and what that means for an AI-powered future.