Candidate Privacy Notice

Effective as of June 07, 2021, Zendesk, Inc. (“Zendesk”), and its subsidiaries (collectively, the “Zendesk Group” or “we” or “us” or “our”), have updated our Candidate Privacy Notice (“Notice”). This Notice may be updated to reflect changing legal, regulatory or operational requirements. We encourage you to periodically review this page for the latest information on our privacy practices.

Table of Contents

1. About this Notice
2. Information we may collect when you apply
3. Purposes for processing personal information
4. Who will see your personal information
5. How long we retain your personal information
6. Who to contact

Additional GDPR Disclosures
Additional CCPA Disclosures
With Whom We Share Personal Information

1. About this Notice

We respect the privacy rights of individuals and are committed to handling personal information responsibly and in accordance with applicable law. This Notice describes how Zendesk handles your personal information when you apply for a job or other role with us and the rights you have in connection with that information. It is important that you read all of this Notice carefully. The term “Candidate” is used in this Notice to refer to anyone who applies for a job role, who applies for the relevant talent pool, who is considered for a role or for a relevant talent pool or who otherwise seeks to work with or for us (whether on a permanent or non-permanent basis).

This Notice is set out in this document and:

• for those Candidates in the EEA, United Kingdom (UK) and Switzerland, the “Additional GDPR Disclosures” annexed to this document; and
• for those Candidates who are residents of California, the “Additional CCPA Disclosures” annexed to this document

Please address any questions or requests relating to this Notice to privacy@zendesk.com.

2. Information we may collect when you apply

When you apply for a job role at (or otherwise seek to work with) Zendesk, we will collect, use and disclose certain information directly from you as well as from third party sources.

• Information we may collect from you

We will collect and process personal information from you through the application and recruitment process. Such information may include, but is not limited to:

• Name and other personal information such as gender, date and place of birth;
• Contact information, such as address, telephone number, and e-mail address;
• Past employment history (including previous employers, job titles, or positions) and references in order to evaluate potential employees for employment;
• Other academic, professional, and training information, such as academic degrees and professional qualifications;
• Your CV/résumé (which may include details of any memberships or interests constituting Sensitive Personal Information (as that term is defined herein))
• National identifiers such as nationality/ies, national IDs/passport, social security / insurance numbers, immigration information, and visa status
• Information relating to previous applications you have made to Zendesk and/or any previous employment history with Zendesk
• Information concerning your application and our assessment of it;
• CCTV images; and
• Any other information you voluntarily provide throughout the process, including online, through interviews or other forms of assessment.

During the recruitment process, we generally do not collect or process any “Sensitive Personal Information” (but see next paragraph below for circumstances when we may collect or process such information). Sensitive Personal Information includes the following: information that reveals your racial or ethnic origin, religious, political, or philosophical beliefs, or trade union membership; genetic data; biometric data for the purposes of unique identification; or information concerning your health, sex life, or sexual orientation

However, there are circumstances in which we are required or permitted by local law to process Sensitive Personal Information. For example, Zendesk may be required to collect information about your racial/ethnic origin, gender and disabilities for the purposes of equal opportunities monitoring, to comply with anti-discrimination laws or for government reporting obligations. Similarly, information about your physical or mental condition may be collected in order to consider accommodations we need to make for the recruitment process and/or subsequent job role. You may also provide, on a voluntary basis, other Sensitive Personal Information during the recruiting process.

If you are applying as a Candidate in the UK, Switzerland or the EEA please see “Additional GDPR Disclosures” for more information about the personal information we process and why.

If you are a California resident, please see “Additional CCPA Disclosures” for more information about the personal information we process and why.

• Information we may collect from other sources

We may collect some or all of the following personal information from other sources (in each case where permissible and in accordance with applicable law) when you apply for a role with Zendesk:

• References provided by referees;
• Other background information provided or confirmed by academic institutions and training or certification providers;
• Criminal records data obtained through criminal records checks;
• Information provided by background checking agencies and other external database holders (for example credit reference agencies and professional / other sanctions registries);
• Information provided by recruiting or executive search agencies; and
• Information collected from publicly available sources, including any social media platforms you use or other information available online.

If you are applying as Candidate in the UK or the EEA please see “Additional GDPR Disclosures” for more information about the personal information we process and why.

If you are a California resident, please see “Additional CCPA Disclosures” for more information about the personal information we process and why.

3. Purposes for processing personal information

We collect and use personal information primarily for recruiting purposes—in particular, to determine your qualifications for employment and to make a hiring decision. This includes assessing your skills, qualifications, and background for a particular role, verifying your information, carrying out reference and/or background checks (where applicable) and generally managing the hiring process and communicating with you about it.

If you are accepted for a role at Zendesk, the information collected during the recruiting process will be processed in accordance with applicable law, including any Employee Privacy Notice, a copy of which will be provided when you are on-boarded as an employee if applicable.

If you are not successful, we may still keep your application to allow us to consider you for other suitable openings within Zendesk in the future. Please see Section 5 of this Notice for more details.

If you are applying as Candidate in the UK, Switzerland or the EEA please see “Additional GDPR Disclosures” for more information about the personal information we process and why.

If you are a California resident, please see “Additional CCPA Disclosures” for more information about the personal information we process and why.

4. Who will see your personal information

To carry out the purposes outlined above, your personal information may be shared internally with managers, HR and recruitment teams, systems administrators, and other members of Zendesk’s group for our recruitment processes.

We will only disclose your personal information outside the group if disclosure is consistent with a ground for processing on which we rely and doing so is lawful and fair to you.

In accordance with applicable law, we may disclose your personal information if it is necessary for our legitimate interests as an organization or the interests of a third party (but we will not do this if these interests are overridden by your interests and rights in particular to privacy). We may also disclose your personal information if you consent, where we are required to do so by law and in connection with criminal or regulatory investigations.

Specific circumstances in which your personal information may be disclosed include:

• where we consider disclosure is necessary or required by law, to exercise, establish, or defend our legal rights, or to protect your vital interests or those of any other person;
• where we engage third party vendors to perform services on our behalf and these third parties must process personal information to provide their services. Examples include: (a) recruiting or executive search agencies involved in your recruiting; (b) background checking or other screening providers and relevant local criminal records checking agencies; (c) data storage, shared services and recruiting platform providers, IT developers and support providers and providers of hosting services in relation to our careers website; and (d) third parties who provide support and advice including in relation to legal, financial / audit, management consultancy, insurance, health and safety, security and intel and whistleblowing / reporting issues; and
• in connection with a proposed sale, reorganization, or disposal of Zendesk or any Zendesk business unit.

5. How long we retain your personal information

Your personal information will be stored in accordance with applicable laws and kept as long as needed to carry out the purposes described in this Notice (or as otherwise required by applicable law). If you are successful with your application your personal information will be kept in accordance with our Employment Privacy Notice. If you are unsuccessful your personal information will be kept for the duration of the application process plus a reasonable period of time after confirmation that your application was unsuccessful to allow us to record the reasons for our decision in relation to your application. We may also retain your personal information to consider you for other suitable openings within Zendesk in the future.

If you would like to opt out from Zendesk’s policy of retaining your information for the purposes of considering you for other suitable openings, please email privacy@zendesk.com or use the opt-out tool provided to you via Zendesk’s recruiting application platform.

6. Who to contact

Zendesk respects your control over your information and, upon request, we will confirm whether we hold or are processing information that we have collected from you. You also have the right to amend or update inaccurate or incomplete personal information, request deletion of your personal information, or request that we no longer use it. Under circumstances we will not be able to fulfill your request, such as if it interferes with our regulatory obligations, affects legal matters, we cannot verify your identity, or it involves disproportionate cost or effort, but in any we will respond to your request within a reasonable timeframe and provide you an explanation. Please address any questions or requests relating to your rights under this Notice to peopleops@zendesk.com or privacy@zendesk.com, or at:

Zendesk’s United States Representative:

Zendesk’s European Representative:

If you have complaints relating to our processing of your personal information, you should raise these with Zendesk’s recruitment teams or HR in the first instance.

You may also raise complaints with the statutory regulator in your jurisdiction. A list of contact details for the EU data protection authorities is available here.

Additional GDPR Disclosures

Under the General Data Protection Regulation (“GDPR“), if you are a Candidate in the United Kingdom (“UK”), Switzerland or the European Economic Area (EEA), we are required to provide you with additional information about our processing of your personal information.

Controller of your personal information

If you are a Candidate located in the UK, Switzerland or EEA, the Zendesk entity which you are applying to is the controller of your personal information. As data controller, that Zendesk is responsible for ensuring that the processing of your personal information complies with applicable EU data protection law.

Legal basis for processing your personal information (EEA candidates only)

Our legal basis for collecting and using your personal information will depend on the information concerned. However, for the purposes of this Notice, we will process your personal information where: (a) the processing is in our legitimate interests (as summarized above in Section 3) (and not overridden by your data protection interests or fundamental rights and freedoms) and (b) where we have a legal obligation to do so.

More specific information on these, examples of the data and the grounds on which we process data are in the table below. The examples in the table cannot, of course, be exhaustive.

Your rights

Depending on where you are located, you may have certain rights in relation to your personal information. For instance, Candidates located in the UK, Switzerland and the EEA may request access to the personal information we process, and/or to ask that we update, correct, restrict the scope of use of or delete the personal information that we process. You may also be entitled to object to the processing of your personal information or to request portability of your personal information. If we rely on your consent to process your personal information, you may withdraw or decline your consent at any time. Please note that this does not affect the lawfulness of the processing based on consent before its withdrawal.

Depending on the jurisdiction in which you work you may have other rights in relation to your personal information. For instance, if you are employed in France you may have the right to give instructions concerning the use of your personal information after your death.

If you would like to exercise any of your rights, or if you would like more information about these rights or the rights which may apply in your jurisdiction, please please see section 6 (“Who to contact”).

In the event you feel we have misused your personal information; you may notify us of your complaint at any time by using the contact information in section 6 (“Who to contact”). If you are located in the UK, Switzerland or EEA, you may also have the right to complain to a data protection authority about our collection and use of your personal information. The supervisory authority in your home EU member state may work with the U.S. Department of Commerce and the Federal Trade Commission. For more information, please contact your local data protection authority. A list of contact details for the EU data protection authorities is available here. As a last resort where none of the preceding avenues have satisfactorily resolved your complaint, you may have the right to invoke binding arbitration provided by the “Privacy Shield Panel”.

International transfers outside the EEA

As a global organization headquartered in the United States and we have offices and / or employees across the EU, and in Australia, the Philippines, Singapore, Japan, Thailand, New Zealand, India, South Korea, Brazil, Mexico, and Canada. Therefore we will transfer your personal information outside the European Economic Area (EEA) to members of our Group as well as to third parties.

These countries may have data protection laws that are different, and potentially less protective, than the laws of your own country. However, Zendesk has and will continue to implement measures with any recipients of your personal information to ensure it remains protected in accordance with this Notice and applicable data protection laws and to ensure that the transfer is lawful and that there are appropriate security arrangements in place. These protections include:

• our approved binding corporate rules known as the Zendesk Binding Corporate Rules (“Zendesk’s BCRs”) which can be accessed here;
• our Privacy Shield Certification; and
• where appropriate the EU standard contractual clauses.

Zendesk complies with the EU-US Privacy Shield and Swiss-US Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the EEA, UK and Switzerland to the United States. Zendesk has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. Where Zendesk has received your personal information in the United States and subsequently transfers that information to a third party acting as an agent, and such third party agent processes your personal information in a manner inconsistent with the Privacy Shield Principles, Zendesk will remain liable, unless Zendesk can prove that it is not responsible for the event giving rise to the damage. If there is any conflict between the terms in this Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern. Because Zendesk is an active participant in the EU-US and Swiss-US Privacy Shield Frameworks, it is subject to the investigatory and enforcement powers of the United States Federal Trade Commission. Further, Zendesk will, at all times, cooperate with EU Data Protection Authorities (DPAs), the Swiss Federal Data Protection and Information Commissioner (FDPIC) and the UK Information Commissioner’s Office (ICO). We will comply with the advice given by such authorities with regard to human resources data transferred from the EEA, UK and Switzerland in the context of our employment relationships. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our US-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request

Additional CCPA Disclosures

Under the California Consumer Privacy Act (“CCPA”), if you are a resident of California, we are required to provide you with additional information about how we collect, use, and disclose personal information as defined under California law (hereinafter referred to as “Personal Information”). These disclosures should be read in conjunction with the Zendesk Candidate Privacy Notice.

Note that these disclosures do not apply to our handling of data gathered about you in your role as a person who interacts with us while using our products and services. When you interact with us as in that role, the Zendesk Privacy Policy associated with the relevant service applies.

Types of Personal Information We Handle

We collect, store, and use various types of Personal Information through the application and recruitment process. We collect such information either directly from you or (where applicable) from another person or entity, such as an employment agency or consultancy, background check provider, or other referral sources.

The type of information we have about you varies based on the application process and may include, where applicable:

• Identification and contact information, and related identifiers such as full name, date and place of birth, and permanent residence, contact information about you and your beneficiaries or emergency contacts.
• Professional or employment-related information, including:
  • Recruitment, employment, or engagement information such as application information copies of identification documents, and background screening results and references.
  • Career information such as job titles; work history; performance information; information about qualifications; disciplinary and grievance information; and termination information
• Education information such as institutions attended, degrees, certifications, training courses, publications, and transcript information.
• Potentially protected classification information such as race, sex/gender, religious/ philosophical beliefs, gender identity/expression, sexual orientation, marital status, military service, nationality, ethnicity, citizenship, request for family care leave, political opinions, health information (only if required by law), and criminal history.
• Other information such as any information you voluntarily choose to provide in connection with your job application.

Como Usamos Informações Pessoais

We collect, use, share, and store Personal Information from Candidates for our and our service providers’ business and operational purposes in our recruitment and hiring process such as: processing your application; tracking your application through the recruitment process; contacting references with your authorization; conducting background checks you authorize; evaluating you for current and future job opportunities, including matching your skills and interest to applicable job requirement; communicating with you throughout the hiring process; and making hiring decisions. We will also use Candidate information for internal analysis purposes to understand the Candidates who apply and to improve our recruitment process, including improving our diversity and inclusion efforts. We may sometimes need to use Candidate information for legal purposes, such as in connection with any challenges made to our hiring decisions.

With Whom We Share Personal Information

We will disclose Candidate personal information to the following types of entities or in the following circumstances (where applicable):

• Internally: to other Zendesk personnel involved in the recruiting and hiring processes.
• Service Providers: in order to administer services during the Zendesk hiring process. These service providers include technology service providers, travel management providers, human resources suppliers, background check companies, and employment agencies or recruiters, where applicable.
• Legal Compliance: when required to do so by law, regulation, or court order or in response to a request for assistance by the police or other law enforcement agency.
• Litigation Purposes: to seek legal advice from our external lawyers or in connection with litigation with a third party.
• Business Transaction Purposes: in connection with a sale, purchase, or merger.