Regional Data Hosting Policy Follow

This policy explains the basics of Zendesk’s regional data hosting policy, where Service Data can be Hosted, and where other processing activities occur. “Hosting/Hosted” means the storing, hosting or replicating of Service Data including for archival, backup and log purposes. All other capitalized terms not otherwise defined herein such as “Service Data”, shall have the meaning set forth in Zendesk’s Terms of Service available here .

Where Zendesk Service Data Can Be Hosted

Zendesk customers who purchase the Data Hosting Locality Deployed Associated Service have the ability to select the data center location for Hosting of certain of their Service Data from the available data center locations made available by the Zendesk Contracting Party (“Data Locality”). The table below summarizes the geographical region(s) where certain types of Service Data can be Hosted when Data Locality is enabled. For the avoidance of doubt, all Service Data which is available for Data Locality must be Hosted in a single region where Data Locality is available as indicated below:

Service Data Type

Hosting Options

Zendesk Support Ticket Content

Available to be Hosted in the European Economic Area (EEA) or the US

End-User E-mail Addresses and E-mail Messages

Available to be Hosted in the EEA or the US (except in Insights which is Hosted in the US)

Zendesk Support Ticket Attachments

Available to be Hosted in the EEA or the US

Zendesk Support Help Center Assets and Attachments

Available for Hosting in US only

Zendesk App Assets

(Including icons, description and software code for public and private apps)

Available to be Hosted in the US only

Insights

Available to be Hosted in the US only

Zendesk Talk (call recordings)

Available to be hosted by our third party service provider, Twilio, in the US only

Zendesk Chat

Available to be Hosted in the EEA only

Spam Filter

Available to be Hosted in the US only

Net Promoter Score (NPS) email distribution lists

Available to be Hosted in the US only

Archived Screencasts

(No longer available)

Available to be Hosted in the US only

Disabling Features or Functionality of the Zendesk Service to Limit Hosting of Service Data Outside of a Selected Region

Many of the features or functionality that require Hosting of Service Data in a particular region are, by default, disabled or may be disabled by Agents authorized as administrators within the Zendesk Support Service.  These include the following:

Service Data Type

Options

Insights

Insights is optional and disabled by default. Custom ticket fields enabled for export into Insights may be disabled upon request. Default ticket fields exported to Insights (including End-User email and organization) cannot be disabled.

Zendesk Talk

Zendesk Talk is optional and is disabled by default

Spam Filter

Spam filter is optional and is disabled by default

Net Promoter Score (NPS) email distribution lists

NPS is optional and is disabled by default

Hosting and Processing of Backups and Logs

Backups and audit logs of Service Data for which Data Locality is available (“Backups and Logs”) are also Hosted in the selected region. Backups and Logs may be otherwise Processed outside of the EEA and the US in accordance with the policies below.

Processing of Service Data

Notwithstanding the Data Locality options above, Service Data, including Service Data for which Data Locality is available, may be Processed (as that term is defined in our Terms of Service or Privacy Policy (as amended from time to time)) by any member of the Zendesk Group or their authorized third party service providers in other regions, countries and territories. Processing of Service Data is performed as necessary to provide the applicable Service and all members of the Zendesk Group and third party service providers are subject to strict technical and organizational measures to protect the Service Data that is Hosted or Processed by them. Service Data may also be transferred, processed or disclosed as required by law or in response to subpoena or other legal process.

Protections for Personal Data

Service Data may include data relating to an identified or identifiable natural person, which includes persons that can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to their physical, physiological, mental, economic, cultural or social identity (“Personal Data”). The European Commission’s Data Protection Directive (also known as Directive 95/46/EC )  (the “EU Directive”) sets out a number of data protection requirements which apply when Personal Data is being Processed.

Service Data is Processed by the Zendesk Group and its third party service providers in compliance with the EU Directive. T his includes compliance with requirements that Personal Data transferred from the EEA to other countries where the Zendesk Group or its third party service providers operate is adequately protected. Zendesk regularly enters into Data Processing Agreements with Zendesk’s Subscribers which incorporate EU Model Contract Clauses and detail our obligations with respect to the Processing of Personal Data . If you would like to review and enter into such an agreement, please contact privacy@zendesk.com.

Zendesk maintains an up-to-date list of the names and locations of all subprocessors (including members of the Zendesk Group and third parties) used for Hosting or other Processing of Service Data, including Personal Data, which can be found here or may be obtained by contacting privacy@zendesk.com.

Zendesk computing environments are continuously audited with standards, certifications and accreditations including ISO 27001:2013 and certified SOC 2 Type II; Zendesk servers are hosted at Tier III, SSAE-16, PCI DSS, or ISO 27001 compliant facilities. Learn more about Security at Zendesk here . By operating in an accredited environment, Zendesk Subscribers reduce the scope and cost of audits they need to perform. Zendesk continuously undergoes assessments of its underlying infrastructure, including the physical and environmental security of its hardware and data centers, so its Subscribers can take advantage of those certifications and simply inherit those controls.

Migration

For existing Zendesk Subscribers who enable Data Locality, a migration of Service Data to a data center in the requested region may be required. In this process, a copy of Subscriber’s Service Data will be created during the migration process for the purposes of assuring that all Service Data required to be migrated has been fully migrated to the data center in the specified region. This assurance process conducted by Zendesk may take up to thirty (30) days from the date of the commencement of such migration. After the migration process has been completed and confirmed, the deletion of the copy of the Subscriber’s Service Data in the former data center facility will commence under Zendesk’s data deletion policy available here . Subscribers should expect that migrations will likely require a scheduled downtime.

Zendesk Apps and Other Services

Service Data may be shared with Other Services (as that term in defined in our Terms of Service, as amended from time to time) , including third party applications that integrate with the Zendesk Support Service through apps and other integrations. These include Zendesk Apps made available on the Zendesk Marketplace or through the Agent interface in the Zendesk Support Service. Service Data that is Hosted or Processed through such Other Services is outside the scope of this policy.  Please contact the providers of these Other Services that you enable directly if you have questions about Hosting or Processing of Service Data through these Other Services.

Other Data Collected

As detailed in our Privacy Policy available here , we collect data and other information in connection with the operation and management of Zendesk, Inc., the Zendesk Group and the marketing, sales, support and administration of their respective businesses and services, including the Zendesk Service. This information may include Personal Data, including, among other information, payment information and the names and email addresses of individuals authorized to use the Zendesk Support Service as Agents (as that term is defined in our Terms of Service).  Our collection, use and sharing of this information is outside the scope of this policy and is governed by our Privacy Policy; however, you can be assured that we comply with the EU Directive with respect to all Personal Data included in such information.

Have more questions? Submit a request

Comments

  • 0

    @Ben. Our understanding is that even though we have have our data hosted in a specific region, i.e. EU, there are no guarantees that it will not be moved elsewhere, unless we pay £2,000 per month!!

Please sign in to leave a comment.

Powered by Zendesk