Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsent
Free plan · 10-min setup
Zendesk is a US-based customer service and support platform providing ticketing, live chat (Zendesk Web Widget), email support, help centres, and AI-powered service automation. For European businesses, Zendesk offers an EU data region (Frankfurt) on certain plans. The Web Widget tracking cookies require consent, while ticket-based support may rely on legitimate interest or contract performance. Zendesk provides comprehensive GDPR documentation and a DPA.
Zendesk is a customer service and support platform providing a unified suite of tools including ticket management, live chat (Zendesk Web Widget and Messaging), email support, phone support, a self-service help centre, and AI-powered automation. It is used by businesses of all sizes to manage customer support interactions across multiple channels. Zendesk also provides Zendesk Sell (CRM) and Sunshine (customer data platform) products.
Zendesk processes customer names, email addresses, phone numbers, ticket content, conversation history, device information, IP addresses, agent interactions, and any attachments or files submitted via tickets. Contact centre deployments may include call recordings. Help centre usage analytics track which articles are viewed and searched. The breadth of data depends on which Zendesk products are deployed.
Different Zendesk features require different legal bases. Ticket-based customer support: contract performance or legitimate interest for the support function. Web Widget tracking cookies: consent under the ePrivacy Directive before the widget loads. Proactive chat initiated by Zendesk: legitimate interest for existing customers. Email marketing via Zendesk: separate consent required. Zendesk Sell CRM contacts: legitimate interest or contract performance depending on relationship.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Zendesk offers an EU data region (Frankfurt) for customers on eligible plans. When configured, ticket data, user profiles, and conversation content are stored within the EU, eliminating SCCs for primary data flows. Request EU data region from your Zendesk account manager. Standard deployments use US infrastructure requiring SCCs.
Sign the Zendesk DPA and request EU data region if required. Block the Zendesk Web Widget via CMP until cookie consent is obtained. Configure cookie consent settings in Zendesk Web Widget. Add Zendesk to your privacy policy. Define data retention periods in Zendesk and configure auto-deletion. Implement the Zendesk Users API for data subject access and erasure requests. For contact centre deployments, configure call recording notifications.
Websites using Zendesk must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is recommended for large-scale Zendesk deployments processing significant volumes of customer support data, particularly for contact centres, healthcare support, or financial services where sensitive personal information is regularly processed in tickets.
Sample consent text
We use Zendesk to provide customer support. Zendesk stores our support communications and may use cookies to recognise you across sessions. Data is processed in accordance with our privacy policy. You can contact us directly if you prefer not to use the chat widget.
Third-party domains contacted
zendesk.comstatic.zdassets.comekr.zdassets.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| __zlcmid | persistent | 1 year | Zendesk live chat visitor identifier for maintaining chat session continuity across pages |
| ZD-buid | persistent | 1 year | Zendesk browser identifier for session management and visitor recognition in the Web Widget |
Zendesk uses cookies for user preferences — inform visitors with a consent banner.
Zendesk Web Widget tracking cookies require consent under the ePrivacy Directive. Ticket-based support may rely on legitimate interest or contract performance without cookie consent. Load the Web Widget only after functional/analytics consent is obtained.
Yes. Zendesk offers an EU data region (Frankfurt) on eligible plans. Contact your Zendesk account manager to enable it. This keeps ticket data, user profiles, and conversations within the EU, eliminating SCCs for primary data flows.
Contract performance (Art. 6(1)(b)) for support that is part of the service relationship. Legitimate interest (Art. 6(1)(f)) for managing customer support operations. Consent is not required for processing tickets submitted by customers seeking help.
Zendesk sets __zlcmid (visitor ID, 1 year) for the live chat widget and ZD-buid (browser ID) for session continuity. These require consent under the ePrivacy Directive before the widget loads.
Yes. Sign the Zendesk Data Processing Agreement (available at zendesk.com/company/privacy-and-data-protection). For EU data region customers, verify the DPA covers your specific residency configuration.
For access requests: use the Zendesk Users API to export user data and associated tickets. For erasure requests: use the Zendesk GDPR compliance features to delete user data. Zendesk provides a bulk deletion tool for contacts. Respond within 30 days and document all actions.
Retention should be limited to what is necessary. For customer support: typically retain for the duration of the customer relationship plus a reasonable dispute resolution period (12-24 months). Configure automatic deletion in Zendesk or use scheduled cleanup via API.
Freshdesk (EU data centre option), HelpScout (EU option), and Zammad (self-hostable, German origin) provide customer support functionality with EU data residency options.