The EU-US Privacy Shield is the new European Commission-approved mechanism that enables the transfer of personal data from Europe to the U.S. in compliance with European data protection law. As the successor to the EU-US Safe Harbor, the Privacy Shield introduces stronger obligations on the handling of data from the EU and provides greater protections for individuals.We value your trust and share in the same concerns over the privacy of you and your data and want to take this opportunity to announce that Zendesk has certified its compliance with the EU-US Privacy Shield to the U.S. Department of Commerce and has been added to the Department of Commerce’s list of self-certified Privacy Shield participants. Our certification confirms that we comply with the Privacy Shield principles for the transfer of European personal data to the United States.
This is great news for our customers, providing them with an even better data transfer mechanism than the former EU-US Safe Harbor. Zendesk moved quickly to adopt the Privacy Shield as part of our ongoing commitment to privacy and protecting our customers’ data.
As part of our Privacy Shield certification, Zendesk agrees to resolve privacy-related issues in an expedient manner through cooperation with European data protection authorities and binding arbitration. In addition, the Privacy Shield aligns closely to the recently adopted General Data Protection Regulation (“GDPR”), enabling Zendesk to begin updating its internal policies in advance of the May 2018 GDPR effective date.
With this announcement, Zendesk customers will have a choice of data transfer mechanisms: the Privacy Shield and, subject to entry into our standard Data Processing Agreement (“DPA”), the European Commission-approved Standard Contractual Clauses (“Model Clauses”). If you are a Zendesk customer and wish to enter into our DPA, please email us at email@example.com.
Zendesk is in the process of pursuing approval for Binding Corporate Rules (“BCR”) as a data processor, which will provide our customers with another robust mechanism to facilitate transfers of personal data from the EU to members of the Zendesk family of companies when using our services.
Zendesk also offers customers the ability to request that critical data for certain services is hosted in the EU. This feature is limited to certain service plans and is subject to additional fees. Zendesk’s policy on regional data hosting in the EU is more specifically described here and outlines in more detail what data is available to be hosted in the EU. Because the concept of “transfer” under applicable data privacy laws is broadly interpreted to include activities that Zendesk may undertake as a data processor in jurisdictions outside Europe and since certain elements of the Zendesk services platform rely on third parties that do not provide regional hosting, Zendesk cannot restrict data transfers from the EU. However, Zendesk employs state of the art security to protect your data, and our Privacy Shield certification and DPA are designed to ensure that any data transfer from Europe is done in strict compliance with applicable data security and privacy laws.
If you have any additional questions, please email us at firstname.lastname@example.org.