1. About this Notice

We respect the privacy rights of individuals and are committed to handling personal information responsibly and in accordance with applicable law. This Privacy Notice (“Notice”) describes how Zendesk, Inc. and its group companies (“Zendesk“, “we,” “us” or “our“) handle your personal information when you apply for a job or other role with us and the rights you have in connection with that information. It is important that you read all of this Notice carefully. The term “Candidates” is used in this Notice to refer to anyone who applies for a job role, or who otherwise seeks to work with or for us (whether on a permanent or non-permanent basis).

Please address any questions or requests relating to this Notice to privacy@zendesk.com.

2. Information we may collect when you apply

When you apply for a job role at (or otherwise seek to work with) Zendesk, we may collect certain information automatically, from you personally, or from third party sources.

• Information we may collect automatically

You can visit the Jobs section of our website (“Website“) and search for jobs without providing personal information. However, we do collect certain information automatically from your device when you visit our Website. For further information, please see our Website’s Privacy Policy.

• Information we may collect from you

We may collect and process personal information from you when you apply for a role at Zendesk, including but not limited to:

• Name and other personal information such as gender, date and place of birth;
• Contact information, such as address, telephone number, and e-mail address;
• Past employment history (including previous employers, job titles, or positions) and references in order to evaluate potential employees for employment;
• Other academic, professional, training and salary-related information, such as academic degrees and professional qualifications;
• Your CV/résumé (which may include details of any memberships or interests constituting Sensitive Personal Information (as that term is defined herein));
• National identifiers such as nationality/ies, national IDs/passport, social security / insurance numbers, immigration information, and visa status;
• Information relating to previous applications you have made to Zendesk and/or any previous employment history with Zendesk; and
• Any other information you voluntarily provide throughout the process, including through interviews or other forms of assessment.

As a general rule, during the recruitment process, we try not to collect or process any “Sensitive Personal Information” unless authorized by law or where necessary to comply with applicable laws. Sensitive Personal Information includes the following: information that reveals your racial or ethnic origin, religious, political, or philosophical beliefs, or trade union membership; genetic data; biometric data for the purposes of unique identification; or information concerning your health, sex life, or sexual orientation.

However, in some circumstances, we may need to collect, or request on a voluntary disclosure basis, some Sensitive Personal Information for legitimate recruiting-related purposes. For example, information about your racial/ethnic origin, gender and disabilities may be collected for the purposes of equal opportunities monitoring, to comply with anti-discrimination laws and for government reporting obligations. Any reports prepared for this purpose would not contain personal information, i.e., the information would be aggregated and anonymized. Furthermore, information about your physical or mental condition may be collected in order to consider accommodations we need to make for the recruitment process and/or subsequent job role.

You may provide, on a voluntary basis, other Sensitive Personal Information during the recruiting process.

• Information we may collect from other sources

We may collect some or all of the following personal information from other sources (in each case where permissible and in accordance with applicable law) when you apply for a role with Zendesk:

• References provided by referees;
• Other background information provided or confirmed by academic institutions and training or certification providers;
• Criminal records data obtained through criminal records checks;
• Information provided by background checking agencies and other external database holders (for example credit reference agencies and professional / other sanctions registries);
• Information provided by recruiting or executive search agencies; and
• Information collected from publicly available sources, including any social media platforms you use or other information available online.

3. Purposes for processing personal information

We collect and use this personal information primarily for recruiting purposes – in particular, to determine your qualifications for employment and to make a hiring decision. This includes assessing your skills, qualifications and background for a particular role, verifying your information, carrying out reference and / or background checks (where applicable) and generally managing the hiring process and communicating with you about it.

If you are accepted for a role at Zendesk, the information collected during the recruiting process will be processed in accordance with applicable law, including any Employee Privacy Notice, a copy of which will be provided when you are on-boarded as an employee if applicable.

If you are not successful, we may still keep your application to allow us to consider you for other suitable openings within Zendesk in the future. Please see Section 6 of this Notice for more details.

4. Disclosures of your personal information and transfers abroad

We take care to allow access to personal information only to those who require such access to perform their tasks and duties, and to third parties who have a legitimate purpose for accessing it. Whenever we permit a third party to access personal information, we will implement appropriate measures to ensure the information is used in a manner consistent with this Notice and that the security and confidentiality of the information is maintained.

• Transfers to other group companies

We may share your personal information with other members of Zendesk’s group around the world in order to administer our recruitment processes and store data.

• Transfers to third party service providers

In accordance with applicable law, we may make certain personal information available to third parties who provide services relating to the recruiting process to us, including (a) recruiting or executive search agencies involved in your recruiting; (b) background checking or other screening providers and relevant local criminal records checking agencies; (c) data storage, shared services and recruiting platform providers, IT developers and support providers and providers of hosting services in relation to our careers website; and (d) third parties who provide support and advice including in relation to legal, financial / audit, management consultancy, insurance, health and safety, security and intel and whistleblowing / reporting issues.

We may also disclose personal information to third parties on other lawful grounds, including: (a) where you have provided your consent; (b) to comply with our legal obligations, including where necessary to abide by law, regulation or contract, or to respond to a court order, administrative or judicial process, including, but not limited to, a subpoena, government audit or search warrant; (c) in response to lawful requests by public authorities (including for tax, immigration, health and safety, national security or law enforcement purposes); (d) as necessary to establish, exercise or defend against potential, threatened or actual legal claims; (e) where necessary to protect your vital interests or those of another person; and/or (f)in connection with the sale, assignment or other transfer of all or part of our business.

• Transfers abroad

Your personal information may be processed by third parties for the reasons explained in this Notice, including Zendesk’s group companies and third party vendors, who may be based in countries other than your country of residence, including the United States. These countries may have data protection laws that are different, and potentially less protective, than the laws of your own country. However, Zendesk will implement measures with any recipients of your personal information to ensure it remains protected in accordance with this Notice and applicable data protection laws.

Specifically, whenever Zendesk shares Employee Data from the European Economic Area (EEA) with a Zendesk entity outside the EEA, it will do so on the basis of its approved binding corporate rules known as the Zendesk Binding Corporate Rules (“Zendesk’s BCRs”) which establish adequate protection of such personal information and are legally binding on the Zendesk Group. Zendesk’s BCRs were approved by the European data protection authorities on 19 May 2017 and are available online. To access Zendesk’s Controller Global Binding Corporate Rules, please click here. Where Zendesk’s BCRs do not apply, Zendesk will instead rely on other lawful measures to transfer your personal information outside the EEA, such as the EU standard contractual clauses.

Furthermore, Zendesk complies with the EU-US Privacy Shield and Swiss-US Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. Zendesk has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

Because Zendesk is an active participant in the EU-US and Swiss-US Privacy Shield Frameworks, it is subject to the investigatory and enforcement powers of the United States Federal Trade Commission. Further, Zendesk will, at all times, cooperate with EU Data Protection Authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland in the context of our employment relationships.

5. Legal basis for processing your personal information (EEA candidates only)

Under European data protection law, our legal basis for collecting and processing your personal information will depend on the information concerned and the context in which we collect it. However, we will normally collect personal information from you only where: (a) the processing is in our legitimate interests (as summarized above in Section 3) (and not overridden by your data protection interests or fundamental rights and freedoms); (b) we need the information to comply with applicable immigration and/or employment laws and regulations; (c) we need the information to take steps prior to entering an employment contract with you, where you are considered for employment; (d) you have made the data public; (e) we have your consent to do so; and (f) we need to protect the rights and interests of Zendesk, our employees, candidates and others, as required and permitted by applicable law.

Where we rely on your consent to collect and process your personal information, you have the right to withdraw or decline your consent at any time. Please note that withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.

If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and let you know whether the provision of your personal information is mandatory or not (as well as the consequences if you do not provide it). Similarly, if we collect and use your personal information in reliance on our legitimate interests or those of a third party that are not already listed above, we will make clear to you at the relevant time what those legitimate interests are.

6. How long we retain your personal information

Your personal information will be stored in accordance with applicable laws and kept as long as needed to carry out the purposes described in this Notice, or as otherwise required by applicable law. Generally this means your personal information will be kept for the duration of the application process plus a reasonable period of time after confirmation that your application was unsuccessful. You will be provided with the opportunity to opt out of Zendesk’s policy of retaining your information.

7. Your rights (EEA candidates only)

You have the right to request access to your personal information, and to ask that we update, correct, block, restrict the scope of use of or delete your personal information that we hold about you. You may have certain additional rights in relation to your personal information under applicable laws, such as the right to object to processing of your personal information, the right to restrict processing of your personal information (e.g. where you believe the information we hold about you is inaccurate or unlawfully held) or to request portability of your personal information.

If you would like to exercise such rights, please use the contact details below. We will consider your request in accordance with applicable laws.

In the event you feel we have misused your Employee Data, you may notify us of your complaint at any time. You also have the right to complain to a data protection authority about our collection and use of your Employee Data. The supervisory authority in your home EU member state may work with the U.S. Department of Commerce and the Federal Trade Commission. For more information, please contact your local data protection authority. A list of contact details for the EU data protection authorities is available here. As a last resort where none of the preceding avenues have satisfactorily resolved your complaint, you may have the right to invoke the binding arbitration provided by the “Privacy Shield Panel”.

8. Who to contact

Please address any questions or requests relating to this Notice to privacy@zendesk.com.

Last updated: May 25, 2018