Candidate Privacy Notice

1. About this Notice

We respect the privacy rights of individuals and are committed to handling personal information responsibly and in accordance with applicable law. This Privacy Notice (“Notice”) describes how Zendesk, Inc. and its group companies (“Zendesk“, “we,” “us” or “our“) handle your personal information when you apply for a job or other role with us and the rights you have in connection with that information. It is important that you read all of this Notice carefully. The term “Candidate” is used in this Notice to refer to anyone who applies for a job role, or who otherwise seeks to work with or for us (whether on a permanent or non-permanent basis).

This Notice is set out in this document and:

• for those Candidates in the EEA and the UK, the “Additional GDPR Disclosures” annexed to this document; and
• for those Candidates who are residents of California, the “Additional CCPA Disclosures” annexed to this document

Please address any questions or requests relating to this Notice to privacy@zendesk.com.

2. Information we may collect when you apply

When you apply for a job role at (or otherwise seek to work with) Zendesk, we will collect, use and disclose certain information directly from you as well as from third party sources.

• Information we may collect from you

We will collect and process personal information from you through the application and recruitment process. Such information may include, but it not limited to:

• Name and other personal information such as gender, date and place of birth;
• Contact information, such as address, telephone number, and e-mail address;
• Past employment history (including previous employers, job titles, or positions) and references in order to evaluate potential employees for employment;
• Other academic, professional, and training information, such as academic degrees and professional qualifications;
• Your CV/résumé (which may include details of any memberships or interests constituting Sensitive Personal Information (as that term is defined herein))
• National identifiers such as nationality/ies, national IDs/passport, social security / insurance numbers, immigration information, and visa status
• Information relating to previous applications you have made to Zendesk and/or any previous employment history with Zendesk
• Information concerning your application and our assessment of it;
• CCTV images; and
• Any other information you voluntarily provide throughout the process, including online, through interviews or other forms of assessment.

During the recruitment process, we generally do not collect or process any “Sensitive Personal Information”. Sensitive Personal Information includes the following: information that reveals your racial or ethnic origin, religious, political, or philosophical beliefs, or trade union membership; genetic data; biometric data for the purposes of unique identification; or information concerning your health, sex life, or sexual orientation

However, there are circumstances in which we are required or permitted by local law to process Sensitive Personal Information. For example, Zendesk may be required to collect information about your racial/ethnic origin, gender and disabilities for the purposes of equal opportunities monitoring, to comply with anti-discrimination laws or for government reporting obligations. Similarly, information about your physical or mental condition may be collected in order to consider accommodations we need to make for the recruitment process and/or subsequent job role. You may also provide, on a voluntary basis, other Sensitive Personal Information during the recruiting process.

If you are applying as Candidate in the UK or the EEA please see “Additional GDPR Disclosures” for more information about the personal information we process and why.

If you are a California resident, please see “Additional CCPA Disclosures” for more information about the personal information we process and why.

• Information we may collect from other sources

We may collect some or all of the following personal information from other sources (in each case where permissible and in accordance with applicable law) when you apply for a role with Zendesk:

• References provided by referees;
• Other background information provided or confirmed by academic institutions and training or certification providers;
• Criminal records data obtained through criminal records checks;
• Information provided by background checking agencies and other external database holders (for example credit reference agencies and professional / other sanctions registries);
• Information provided by recruiting or executive search agencies; and
• Information collected from publicly available sources, including any social media platforms you use or other information available online.

If you are applying as Candidate in the UK or the EEA please see “Additional GDPR Disclosures” for more information about the personal information we process and why.

If you are a California resident, please see “Additional CCPA Disclosures” for more information about the personal information we process and why.

3. Purposes for processing personal information

We collect and use personal information primarily for recruiting purposes—in particular, to determine your qualifications for employment and to make a hiring decision. This includes assessing your skills, qualifications, and background for a particular role, verifying your information, carrying out reference and/or background checks (where applicable) and generally managing the hiring process and communicating with you about it.

If you are accepted for a role at Zendesk, the information collected during the recruiting process will be processed in accordance with applicable law, including any Employee Privacy Notice, a copy of which will be provided when you are on-boarded as an employee if applicable.

If you are not successful, we may still keep your application to allow us to consider you for other suitable openings within Zendesk in the future. Please see Section 5 of this Notice for more details.

If you are applying as Candidate in the UK or the EEA please see “Additional GDPR Disclosures” for more information about the personal information we process and why.

If you are a California resident, please see “Additional CCPA Disclosures” for more information about the personal information we process and why.

4. Who will see your personal information

To carry out the purposes outlined above, your personal information may be shared internally with managers, HR and recruitment teams, systems administrators, and other members of Zendesk’s group for our recruitment processes.

We will only disclose your personal information outside the group if disclosure is consistent with a ground for processing on which we rely and doing so is lawful and fair to you.

In accordance with applicable law, we may disclose your personal information if it is necessary for our legitimate interests as an organization or the interests of a third party (but we will not do this if these interests are overridden by your interests and rights in particular to privacy). We may also disclose your personal information if you consent, where we are required to do so by law and in connection with criminal or regulatory investigations.

Specific circumstances in which your personal information may be disclosed include:

• where we consider disclosure is necessary or required by law, to exercise, establish, or defend our legal rights, or to protect your vital interests or those of any other person;
• where we engage third party vendors to perform services on our behalf and these third parties must process personal information to provide their services. Examples include: (a) recruiting or executive search agencies involved in your recruiting; (b) background checking or other screening providers and relevant local criminal records checking agencies; (c) data storage, shared services and recruiting platform providers, IT developers and support providers and providers of hosting services in relation to our careers website; and (d) third parties who provide support and advice including in relation to legal, financial / audit, management consultancy, insurance, health and safety, security and intel and whistleblowing / reporting issues; and
• in connection with a proposed sale, reorganization, or disposal of Zendesk or any Zendesk business unit.

5. How long we retain your personal information

Your personal information will be stored in accordance with applicable laws and kept as long as needed to carry out the purposes described in this Notice (or as otherwise required by applicable law). If you are successful with your application your personal information will be kept in accordance with our Employment Privacy Notice. If you are unsuccessful your personal information will be kept for the duration of the application process plus a reasonable period of time after confirmation that your application was unsuccessful to allow us to record the reasons for our decision in relation to your application. We may also retain your personal information to consider you for other suitable openings within Zendesk in the future.

If you would like to opt out from Zendesk’s policy of retaining your information for the purposes of considering you for other suitable openings, please email privacy@zendesk.com or use the opt-out tool provided to you via Zendesk’s recruiting application platform.

6. Who to contact

Please address any questions or requests relating to this Notice to privacy@zendesk.com.

If you have complaints relating to our processing of your personal information, you should raise these with Zendesk’s recruitment teams or HR in the first instance.

You may also raise complaints with the statutory regulator in your jurisdiction. A list of contact details for the EU data protection authorities is available here.

Updates to this Notice: This notice was last updated on January 1, 2020.

Additional GDPR Disclosures

Under the General Data Protection Regulation (“GDPR“), if you are a Candidate in the UK or the European Economic Area (EEA), we are required to provide you with additional information about our processing of your personal information.

Controller of your personal information

If you are a Candidate located in the UK or EEA, the Zendesk entity which you are applying to is the controller of your personal information. As data controller, that Zendesk is responsible for ensuring that the processing of your personal information complies with applicable EU data protection law.

Legal basis for processing your personal information (EEA candidates only)

Our legal basis for collecting and using your personal information will depend on the information concerned. However, for the purposes of this Notice, we will process your personal information where: (a) the processing is in our legitimate interests (as summarized above in Section 3) (and not overridden by your data protection interests or fundamental rights and freedoms) and (b) where we have a legal obligation to do so.

More specific information on these, examples of the data and the grounds on which we process data are in the table below. The examples in the table cannot, of course, be exhaustive.

Your rights

Depending on where you are located, you may have certain rights in relation to your personal information. For instance, Candidates located in the UK and the EEA may request access to the personal information we process, and/or to ask that we update, correct, restrict the scope of use of or delete the personal information that we process. You may also be entitled to object to the processing of your personal information or to request portability of your personal information. If we rely on your consent to process your personal information, you may withdraw or decline your consent at any time. Please note that this does not affect the lawfulness of the processing based on consent before its withdrawal.

Depending on the jurisdiction in which you work you may have other rights in relation to your personal information. For instance, if you are employed in France you may have the right to give instructions concerning the use of your personal information after your death.

If you would like to exercise any of your rights, or if you would like more information about these rights or the rights which may apply in your jurisdiction, please use the contact details below.

In the event you feel we have misused your personal information; you may notify us of your complaint at any time by using the contact below. If you are located in the UK or EEA, you may also have the right to complain to a data protection authority about our collection and use of your personal information. The supervisory authority in your home EU member state may work with the U.S. Department of Commerce and the Federal Trade Commission. For more information, please contact your local data protection authority. A list of contact details for the EU data protection authorities is available here. As a last resort where none of the preceding avenues have satisfactorily resolved your complaint, you may have the right to invoke the binding arbitration provided by the “Privacy Shield Panel”.

International transfers outside the EEA

As a global organization headquartered in the United States and we have offices and / or employees across the EU, and in Australia, the Philippines, Singapore, Japan, Thailand, New Zealand, India, South Korea, Brazil, Mexico, and Canada. Therefore we will transfer your personal information outside the European Economic Area (EEA) to members of our Group as well as to third parties.

These countries may have data protection laws that are different, and potentially less protective, than the laws of your own country. However, Zendesk has and will continue to implement measures with any recipients of your personal information to ensure it remains protected in accordance with this Notice and applicable data protection laws and to ensure that the transfer is lawful and that there are appropriate security arrangements in place. These protections include:

• our approved binding corporate rules known as the Zendesk Binding Corporate Rules (“Zendesk’s BCRs”) which can be accessed here;
• our Privacy Shield Certification; and
• where appropriate the EU standard contractual clauses.

Zendesk complies with the EU-US Privacy Shield and Swiss-US Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. Zendesk has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. Where Zendesk has received your personal information in the United States and subsequently transfers that information to a third party acting as an agent, and such third party agent processes your personal information in a manner inconsistent with the Privacy Shield Principles, Zendesk will remain liable, unless Zendesk can prove that it is not responsible for the event giving rise to the damage. If there is any conflict between the terms in this Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern. Because Zendesk is an active participant in the EU-US and Swiss-US Privacy Shield Frameworks, it is subject to the investigatory and enforcement powers of the United States Federal Trade Commission. Further, Zendesk will, at all times, cooperate with EU Data Protection Authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland in the context of our employment relationships. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

Additional CCPA Disclosures

Under the California Consumer Privacy Act (“CCPA”), if you are a resident of California, we are required to provide you with additional information about how we collect, use, and disclose personal information as defined under California law (hereinafter referred to as “Personal Information”). These disclosures should be read in conjunction with the Zendesk Candidate Privacy Notice.

Note that these disclosures do not apply to our handling of data gathered about you in your role as a user of our services. When you interact with us as in that role, the Zendesk Privacy Policy associated with the relevant service applies.

Types of Personal Information We Handle

We collect, store, and use various types of Personal Information through the application and recruitment process. We collect such information either directly from you or (where applicable) from another person or entity, such as an employment agency or consultancy, background check provider, or other referral sources.

The type of information we have about you varies based on the application process and may include, where applicable:

• Identification and contact information, and related identifiers such as full name, date and place of birth, and permanent residence, contact information about you and your beneficiaries or emergency contacts.
• Professional or employment-related information, including:
  • Recruitment, employment, or engagement information such as application information copies of identification documents, and background screening results and references.
  • Career information such as job titles; work history; performance information; information about qualifications; disciplinary and grievance information; and termination information
• Education information such as institutions attended, degrees, certifications, training courses, publications, and transcript information.
• Potentially protected classification information such as race, sex/gender, religious/ philosophical beliefs, gender identity/expression, sexual orientation, marital status, military service, nationality, ethnicity, citizenship, request for family care leave, political opinions, health information (only if required by law), and criminal history.
• Other information such as any information you voluntarily choose to provide in connection with your job application.

How We Use Personal Information

We collect, use, share, and store Personal Information from Candidates for our and our service providers’ business and operational purposes in our recruitment and hiring process such as: processing your application; tracking your application through the recruitment process; contacting references with your authorization; conducting background checks you authorize; evaluating you for current and future job opportunities, including matching your skills and interest to applicable job requirement; communicating with you throughout the hiring process; and making hiring decisions. We will also use Candidate information for internal analysis purposes to understand the Candidates who apply and to improve our recruitment process, including improving our diversity and inclusion efforts. We may sometimes need to use Candidate information for legal purposes, such as in connection with any challenges made to our hiring decisions.

With Whom We Share Personal Information

We will disclose Candidate personal information to the following types of entities or in the following circumstances (where applicable):

• Internally: to other Zendesk personnel involved in the recruiting and hiring processes.
• Service Providers: in order to administer services during the Zendesk hiring process. These service providers include technology service providers, travel management providers, human resources suppliers, background check companies, and employment agencies or recruiters, where applicable.
• Legal Compliance: when required to do so by law, regulation, or court order or in response to a request for assistance by the police or other law enforcement agency.
• Litigation Purposes: to seek legal advice from our external lawyers or in connection with litigation with a third party.
• Business Transaction Purposes: in connection with a sale, purchase, or merger.