Last Updated: May 11, 2021
Talkdesk, Inc. (hereinafter, “Talkdesk”) is a US based company (353 Market Street, level 1, San Francisco, CA 94111 – United States) that acts on the CCaaS (Contact Center as a Service) space. As part of the contact center services Talkdesk provides to customers throughout the world, Talkdesk processes personal information on behalf of its customers (hereinafter, the “Customers”), acting as a processor to the purposes of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal information and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter, the “General Data Protection Regulation” or “GDPR”).
Additionally, Talkdesk also processes personal information of its own, acting as a controller, i.e. determines the purposes and means of the processing of personal information to some purposes (e.g. billing and tax purposes).
This privacy notice covers both situations. Data subjects whose personal information is processed by Talkdesk’s Customer must consult Customer’s privacy policies.
For easier understanding, this notice covers the same topics from both perspectives: Controller and Processor:
- What personal information is collected?
- Why is personal information collected?
- How long is personal information retained?
- What are the data subject rights?
- How can a data subject/person exercise its rights?
- To whom is personal information transferred?
- Where is information stored?
- How is information protected?
- Person Information from Children
- Privacy Shield Independent Recourse Mechanism
- California User Consumer Rights (only as a controller)
Talkdesk as a Controller
What personal information is collected?
Talkdesk collects information about you limited to what is relevant, proportional, adequate and necessary for identified purposes. We consider the jurisdiction’s requirements that govern the information collection and we proceed according to applicable privacy & data protection legislation.
Talkdesk collects personal information that you voluntarily provide to us when you register on Talkdesk website, when you express an interest in obtaining information about Talkdesk or Talkdesk products and services, when you register in Talkdesk events, or when you apply for job offers.
Talkdesk may use trusted third parties to collect business contact information. Appropriate privacy and security assessments are performed to ensure compliance with applicable laws and regulations and to ensure the collection of the data is lawful and uses fair means.
Talkdesk may also collect information about you from publicly accessible sources. The personal information collected is namely identification and contact data (email address and phone number). Since Talkdesk is a B2B company, the contact data collected is business contact data – with exception of job offers.
When applying for a job offer, Talkdesk collects the information provided in the resume and cover letter and may also collect publicly available information, for instance, using social networks such as LinkedIn.
More details can be provided through the Data Protector Officer email [email protected]
Why is personal information collected?
The purposes for which personal information is processed includes:
- Customer relationship management – this may include payment information;
- Management of business relationships with prospective customers, vendors, suppliers, resellers or partners;
- Events registrations (including webinars, meet-ups, roundtables, Opentalk and others);
- Access to our offices;
- Talkdesk academy;
- CX Talent;
- Talkdesk Communities (B2B);
- Navigation and usage of Talkdesk institutional site;
- Cookies usage (specific policy shared on site).
How long is personal information retained?
Data retention periods depend on the purposes of the processing. Under applicable legislation, Talkdesk provides more information on the data retention periods when personal information is collected. More details can be obtained through the Data Protection Officer’s email [email protected].
What are the data subject rights?
Data subject rights depends on the jurisdictions where they are located and typical data subjects rights include:
- Right of access: Right to obtain confirmation as to whether or not personal information concerning the data subject is being processed, and, where that is the case, access to that personal information.
- Right to rectification: Right to obtain rectification of inaccurate personal information concerning the data subject.
- Right to erasure or to be forgotten: Right to the erasure of personal information concerning the data subject.
- Right to restrict processing: Right to restrict the processing of the personal information to the extent permitted by law and in accordance with Talkdesk contractual and legal commitments.
- Right to data portability: Right to receive the personal information provided and concerning the data subject, in a structured, commonly used and machine-readable format.
- Right to object: Right to object to the processing of your data for reasons related to your own personal situation.
- Right not to be subject to automated decision-making: Right not to be subject to a decision based solely on automated processing.
- Right to withdraw consent: Right to remove consent for specific processing.
- Right to complaint: Right to send a complaint to the proper authority.
- Right to prevent your information from being sold: Right to state that you do not want your personal information to be sold to anyone.
- Right to non-discrimination: Right to not receive discriminatory treatment for the exercise of the data subject rights.
In relation to collection, disclosure and use of personal data, data subjects are entitled of the following choices:
- Marketing messages: Data subjects can freely opt-in to receive marketing communication from Talkdesk products, services or job advertisements. Data subjects can opt out of email marketing messages by clicking on the unsubscribe link in the email or sending an email to [email protected]
- Events: Talkdesk may promote events related to the Contact Center industry and Data Subject can freely fill in the registration form. Talkdesk will only collect the information needed to register the data subject and to communicate details of the event with the Data Subject.
- Job Opportunities: Data Subjects can freely submit their applications using the Careers webform. Talkdesk only collects the fields needed to proceed with the recruitment and to be able to contact the job candidate.
How can a data subject/person exercise its rights?
The exercise of data subject rights can be requested to the Data Protector Officer email [email protected].
To whom is personal information transferred?
Taldesk may share, transfer or disclose your information in specific situations to particular categories of recipients:
I. Our trusted SaaS third parties providers, acting as processors and according to Talkdesk instructions;
II. Talkdesk affiliates and according to Talkdesk’s security and privacy policies and applicable laws and regulation of each region;
III. Government entities where the transfer of information is required under local laws.
Talkdesk has implemented mechanisms to choose and engage providers and, when required by law, disclose personal information to government entities.
Talkdesk does not sell and does not allow its sub-processors to sell personal information (as the term “sell” is defined under the CCPA).
A list of Talkdesk’s processors can be provided if requested [email protected]
Where is information stored?
Personal data, when held digitally is mainly stored in the US and any transfer of information from European Economic Area (EEA) and Switzerland to the US is made based on:
- Adequacy Decision: Countries designated by European Commission as having an adequate level of protection for personal information.
- Standard Contractual Clauses: Talkdesk relies on the European Commission’s model contracts for the transfer of personal information to third countries (i.e. the standard contractual clauses) pursuant to Decision 2010/87/EU.
- Privacy Shield: Talkdesk complies with the EU–U.S. Privacy Shield and the Swiss–U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union and Switzerland to the United States, respectively. Talkdesk has certified to the Department of Commerce that adheres to the Privacy Shield Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. If there is any conflict between the terms in this privacy notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view Talkdesk certification, please visit https://www.privacyshield.gov.
How is information protected?
Talkdesk has implemented an Information Security and Privacy Information Management Systems (ISMS and PIMS) and BCMS (Business Continuity Management System) as a framework for continuous improvement of security, privacy and business continuity. The ISMS, PIMS, and BCMS include Policies, Awareness on Security and Privacy, adequate processual and technical controls, audit logging, and third-party due diligence, among others.
Talkdesk performs regular due diligence on third parties for security and privacy.
Personal Information from Children
Talkdesk will never knowingly collect any personal information from children under the age of 13. If we obtain actual knowledge that we have collected personal information from a child under the age of 13, that information will be immediately removed from any access. Because we do not collect such information, we have no such information to use or to disclose to third parties. We have designed this notice in order to comply with the Children’s Online Privacy Protection Act (COPPA).
Privacy Shield Independent Recourse Mechanism
If necessary, we have further committed to refer unresolved privacy complaints under the EU-U.S. Privacy Shield and Swiss–U.S. Privacy Shield to JAMS, an alternative dispute resolution provider located in the United States. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://www.jamsadr.com/eu-us-privacy-shield.
As a last resort, privacy complaints that remain unresolved after pursuing these and other channels may be subject to binding arbitration before the Privacy Shield Panel to be created jointly by the US Department of Commerce and the European Commission. The Federal Trade Commission has jurisdiction over Talkdesk’s compliance with this notice and the EU–U.S. and Swiss–U.S. Privacy Shield Frameworks. In cases of onward transfer to third parties of data of EU and Swiss individuals received pursuant to the EU–U.S. Privacy Shield and Swiss–U.S. Privacy Shield, Talkdesk is potentially liable.
In compliance with the Privacy Shield Principles, Talkdesk commits to resolve complaints about our collection or use of your personal information. EU individ