Talkdesk Privacy Notice
Last Updated: June, 2024
Talkdesk, Inc. (hereinafter, “Talkdesk”) is a US based company that acts in the CCaaS (Contact Center as a Service) space. As part of the contact center services Talkdesk provides to customers throughout the world, Talkdesk processes personal information on behalf of its customers (hereinafter, the “Customers”), acting as a processor for the purposes of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal information and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter, the “General Data Protection Regulation” or “GDPR”).
Additionally, Talkdesk also processes certain personal information acting as a data controller, determining the purposes and means of the processing (e.g. for billing and tax purposes).
Talkdesk is committed to comply with relevant applicable Privacy and Data Protection legislation and regulations to protect the personal information entrusted by its customers and when processing personal data as a controller. For this purpose, Talkdesk has implemented and regularly reviews Policies, Procedures, Standards and Guidelines.
This privacy notice covers the processing by Talkdesk of personal data both as data controller and as data processor. Data subjects whose personal information is processed by a customer of Talkdesk as data controller, must consult that customer’s privacy policies.
For the ease of understanding, this notice covers the same topics from both perspectives: Controller and Processor:
- What personal information is collected?
- How Talkdesk collects your data
- Why is personal information processed?
- How long is personal information retained?
- What are the data subject rights?
- How can a data subject/person exercise its rights?
- To whom may personal information be transferred?
- Where is information stored?
- How is information protected?
- Person Information from Children
- California User Consumer Rights (only as a controller)
Talkdesk as a Controller
Talkdesk as a Controller
What personal information is collected?
Talkdesk collects information about you limited to what is relevant, proportional, adequate and necessary for identified purposes. We consider the jurisdiction’s requirements that govern the information collection and we proceed according to applicable privacy & data protection legislation.
How Talkdesk Collects your data
Personal data that Talkdesk collects directly from you:
Talkdesk collects personal information that you voluntarily provide to us when you (i) register on the Talkdesk website, Talkdesk knowledge base, Talkdesk Academy website or Talkdesk Community, (ii) when you express an interest in obtaining information about Talkdesk, Talkdesk products, services and events, (iii) when you interact with Talkdesk social media campaigns via social networks, (iv) when you register in Talkdesk events, (v) when you apply for job offers, (vi) when you choose to download Talkdesk ebooks and use resources available in Talkdesk website or (vii) when you directly contact Talkdesk using the official contact mechanisms that we make available (phone, chat, email).
The information collected is: identification data (first name, last name), contact data (business email address, business phone number), professional details (functional role, company name, country).
When applying for a job offer, Talkdesk collects the information provided in the resume, cover letter and Linkedin profile.
Talkdesk also collects the information that you choose to share with us when contacting us through our official contact mechanisms.
Personal data obtained from third-party sources:
Talkdesk may use business contact information collected by third parties, including your employer, reseller partners, trusted strategic alliances, and acquired professional contacts databases. Appropriate privacy and security assessments are performed to ensure compliance with applicable laws and regulations and to ensure the collection of the data is lawful and uses fair means, including the existence of notice and collection of consent for sharing with third parties (Talkdesk), when required by the applicable laws.
The information used is: identification data (first name, last name), contact data (business email address, business phone number), professional details (functional role, company name), Linkedin Profile.
Personal data obtained from publicly accessible resources:
Talkdesk may also collect information about you from publicly accessible sources such as Linkedin.
The personal information collected is namely identification and contact data (e.g. email address and phone number), job details and skills to support our recruitment processes.
More details can be provided by the Data Protection Officer, email [email protected].
Why is personal information collected?
The purposes for which personal information is processed include:
- To contact you to respond to your requests, eg. when you request to experience a demo or when you request to get in touch with a Talkdesk solutions consultant;
- Recruiting and hiring management;
- To support our sales effort, including to get feedback from the engagement process – always in a B2B perspective;
- To send marketing information on our products and services marketing (including telemarketing) – B2B perspective;
- Customer relationship management, including management of the contractual relationship – this may include payment information;
- To provide support to our customers;
- Management of business relationships with prospective customers, vendors, suppliers, resellers or partners;
- Events registrations (including webinars, meet-ups, roundtables, Opentalk and others);
- Access to our offices;
- To provide you access to Talkdesk academy and training materials;
- To register and be a member of Talkdesk Communities (B2B);
- Navigation and usage of Talkdesk institutional site;
- Cookies usage (specific policy shared on site);
- To ensure compliance with applicable laws and regulations, including but not limited to export control and sanctions laws, and to assert Talkdesk rights or to defend Talkdesk against any legal claim.
Talkdesk collects the least amount of information required and only for the purposes identified above and the legal basis of each processing is one or more of the following: to perform a contract obligation, the furtherance of a legitimate interest, or with consent (in this case, explicit consent).
Processing for marketing and/or product & brand awareness purposes, depending on the context, may rely on a legitimate interest of Talkdesk or your consent. Talkdesk requires your consent according to the applicable laws, but may rely on legitimate interest when the applicable law allows and when you already have shown us interest in our products and services.
When Talkdesk uses your personal information based on consent, we ensure you have a free choice.
In communications related to marketing and/or product & brand awareness purposes, Talkdesk also provides a choice to opt-out of further communications.
With regard to Talkdesk’s processing of personal data for the purpose of export control and sanctions laws’ compliance, Talkdesk may conduct automated screenings against applicable sanctioned-party lists and, in case of a potential match, may ask for clarifications.
Talkdesk does not use or process personal data for other purposes and does not sell and does not allow its sub-processors to sell personal information (as the term “sell” is defined under the CCPA).
How long is personal information retained?
Data retention periods depend on the purposes of the processing. Under applicable legislation, Talkdesk provides more information on the data retention periods when personal information is collected. More details can be obtained through the Data Protection Officer’s email [email protected].
What are the data subject rights?
Data subjects’ rights depend on the jurisdictions where they are located. Typical data subjects rights include:
- Right of access: Right to obtain confirmation as to whether or not personal information concerning the data subject is being processed, and, where that is the case, access to that personal information.
- Right to rectification: Right to obtain rectification of inaccurate personal information concerning the data subject.
- Right to erasure or to be forgotten: Right to the erasure of personal information concerning the data subject.
- Right to restrict processing: Right to restrict the processing of the personal information to the extent permitted by law and in accordance with Talkdesk contractual and legal commitments.
- Right to data portability: Right to receive the personal information provided and concerning the data subject, in a structured, commonly used and machine-readable format.
- Right to object: Right to object to the processing of the data subject’s data for reasons related to their own particular situation.
- Right not to be subject to automated decision-making: Right not to be subject to a decision based solely on automated processing.
- Right to withdraw consent: Right to remove consent for specific processing.
- Right to complaint: Right to send a complaint to the competent authority.
In relation to collection, disclosure and use of personal data, data subjects are entitled to the following choices:
- Marketing messages: Data subjects can freely opt-in to receive marketing communication from Talkdesk products, services or job advertisements. Data subjects can opt out of email marketing messages by clicking on the unsubscribe link in the email or sending an email to [email protected].
- Events: Talkdesk may promote events related to the Contact Center industry and data subjects can freely fill in the registration form. Talkdesk will only collect the information needed to register the data subject and to communicate details of the event with the data subject.
- Cookies and similar technologies: When using our website, data subjects can decline cookies. You can see more details in our cookie policy.
- Job Opportunities: Data subjects can freely submit their applications using the Careers webform. Talkdesk only collects the fields needed to proceed with the recruitment and to be able to contact the job candidate. In addition, job candidates can freely opt-in to receive career opportunities and opt-out at any time.
How can a data subject/person exercise its rights?
Data subjects may exercise their rights by submitting a request to the Data Protector Officer by email at [email protected].
To whom may personal information be transferred?
Talkdesk may share, transfer or disclose personal information in specific situations to particular categories of recipients:
- Our trusted SaaS third parties providers, acting as processors and according to Talkdesk instructions;
- Talkdesk reseller partners, trusted strategic alliances that may support Talkdesk sales effort and according to privacy laws and regulations;
- Talkdesk partners and sponsors of Talkdesk promoted events and according to privacy laws and regulations;
- Talkdesk affiliates and according to Talkdesk’s security and privacy policies and applicable laws and regulation of each region;
- Government entities where the transfer of information is legally required under local laws or required to comply with legal requests;
- Potential buyers in connection to a merger & acquisition or any form of transfer or sale.
- Talkdesk has implemented mechanisms to choose and engage providers and, when required by law, disclose personal information to government entities.
Talkdesk does not sell and does not allow its sub-processors to sell personal information (as the term “sell” is defined under the CCPA).
A list of Talkdesk’s processors can be provided if requested to [email protected].
Where is information stored?
As a US headquartered multinational company, personal data may be collected, transferred to, processed, and stored by Talkdesk in the United States, by our affiliates that are based in other countries and the third-parties described in the preceding paragraph based in the United States and other countries.
Currently, Talkdesk is also established in Armenia, Australia, Brazil, Canada, China, Portugal, UK, and Singapore.
Personal data, when held physically, is stored in the same location as where it was produced.
Personal data, when held digitally, is mainly stored in the US and any transfer of information from European Economic Area (EEA) and Switzerland to the US or other countries is made based on:
- Adequacy Decision: Countries designated by the European Commission as having an adequate level of protection for personal information.
- Standard Contractual Clauses: Talkdesk relies on the European Commission’s model contracts for the transfer of personal information to third countries (i.e. the standard contractual clauses) pursuant to Commission Implementing Decision (EU) 2021/914 of 4 June 2021.
How is information protected?
Talkdesk has implemented an Information Security and Privacy Information Management Systems (ISMS and PIMS) and BCMS (Business Continuity Management System) as a framework for continuous improvement of security, privacy and business continuity. The ISMS, PIMS, and BCMS include Policies, Awareness on Security and Privacy, adequate processual and technical controls, audit logging, and third-party due diligence, among others.
Talkdesk performs regular due diligence on third parties for security and privacy compliance.
Personal Information from Children
Talkdesk will never knowingly collect any personal information from children under the age of 13. If we obtain actual knowledge that we have collected personal information from a child under the age of 13, that information will be immediately removed from any access. Because we do not collect such information, we have no such information to use or to disclose to third parties. This notice is given in compliance with the Children’s Online Privacy Protection Act (COPPA).
California User Consumer Rights
This section only applies when Talkdesk is a controller.
In accordance with California Civil Code Section 1789.3, California resident users are entitled to know that they may file grievances and complaints with the California Department of Consumer Affairs, 400 R Street, STE 1080, Sacramento, CA 95814; or by phone at 916-445-1254 or 800-952-5210; or by email to [email protected]. For more information about protecting your privacy, you may wish to visit: http://www.ftc.gov.
If you are a California resident, California Civil Code Section 1798.83 permits you to request information regarding the disclosure of your personal information by us to third parties for the third parties’ direct marketing purposes. With respect to us, this privacy notice applies only to their activities within the State of California. To make such a request or if you have questions about this privacy notice, please send an email to [email protected].
Pursuant to the California Consumer Privacy Act 2018, consumers have the following rights:
- to delete personal information collected from them;
- to know what personal information a business has collected about them and how it is used and shared;
- to opt-out of the sale and sharing of their personal information;
- to non-discrimination for exercising their CCPA rights;
- to correct inaccurate personal information that a business has about them; and
- to limit the use and disclosure of sensitive personal information collected about them.
Talkdesk shall respond to consumers’ requests to exercise these rights which may be submitted to the Data Protector Officer by email at [email protected].
Talkdesk as a (Sub-)Processor
Talkdesk as a (Sub-)Processor
What personal information is processed?
When Talkdesk provides a cloud service and acts on behalf of its customers, Talkdesk acts as a processor or subprocessor depending on the customer’s responsibility. Therefore, the information that is collected by Talkdesk’s customers when using Talkdesk’s products is under customer’s responsibility as is the definition of the categories of data subjects.
Nevertheless, the information that is collected includes:
- Contact: typically, the customer’s end customer or prospect (it’s customer responsibility to define the types of contacts for which Talkdesk service is provided): Name, phone number and email.
- Agent: usually an employee of the customer that uses Talkdesk for inbound or outbound calls: Name, e-mail and associated phone number. May also include characteristics of the agent such as gender.
- Interactions: call metadata such as a contact phone number, agent phone number, date, time and duration of call and call context.
- Call recording: if configured in such a way, call recordings will also be collected.
- Content data: personal data that may be included in communications or as a result of Talkdesk products and services, as controlled by Talkdesk customers. Content data may include, as applicable to the respective service:
- Call Transcriptions: content data resulting from call transcriptions, where instructed by our customers.
- SMS Content: content data that can be integrated into a channel that allows asynchronous support from our customers who want to provide support via text message instead of calling.
- Chat Content: content data that can be integrated into a channel that allows asynchronous support from our customers who want to provide support via voice and digital chat conversations.
- Email Content: content data that can be integrated into a channel that allows asynchronous support to customers who want to contact support via incoming Email conversation.
- Screen Recordings: content data resulting from a recording of agent activity on CCaaS where enabled by our customers.
Talkdesk restricts the collection of the information to the minimum amount required to provide its services and it will be processed according to the purposes for which it was collected.
Why is personal information collected?
Personal data is collected to provide the service of Contact Center as a Service and to support and troubleshoot issues reported by our customers.
How long is personal information retained?
When customers act as controllers, they define the retention periods for the information they collect. Additionally, when a customer terminates its contract with Talkdesk, the information is removed according to the Master Subscription Agreement or earlier if requested.
Talkdesk may keep anonymized information (that will not identify directly or indirectly any agent, contact, or customer) for longer periods for analysis of how service is used and for the improvement of it.
What are the data subject rights?
Data subject rights depend on the jurisdictions where they are located and the jurisdictions where Talkdesk customers are located. Nevertheless, typical data subjects rights include:
- Right of access: Right to obtain confirmation as to whether or not personal information concerning the data subject is being processed, and, where that is the case, access to that personal information.
- Right to rectification: Right to obtain rectification of inaccurate personal information concerning the data subject.
- Right to erasure or to be forgotten: Right to the erasure of personal information concerning the data subject.
- Right to restrict processing: Right to restrict the processing of personal information to the extent permitted by law and in accordance with Talkdesk contractual and legal commitments..
- Right to data portability: Right to receive the personal information provided and concerning the data subject, in a structured, commonly used and machine-readable format.
- Right to object: Right to object to the processing of personal data for reasons related to your own personal situation.
- Right not to be subject to automated decision-making: Right not to be subject to a decision based solely on automated processing.
- Right to withdraw consent: Right to remove consent for specific processing.
- Right to complaint: Right to send a complaint to the proper authority.
How can a data subject exercise its rights?
When Talkdesk processes information on behalf of a customer, all data subject rights must be addressed directly to the customer.
To whom may personal information be transferred?
As a processor/service provider, Talkdesk only uses data to provide the service agreed and according to customer instructions and Talkdesk does not sell the information its customers collect while using Talkdesk service (as the term “sell” is defined under the CCPA).
Nevertheless, Talkdesk may use third-parties providers to provide its service and those providers follow the same security and privacy commitments as Talkdesk.
A list of Talkdesk sub-processors can be provided to customers. Such requests must be sent to [email protected].
Talkdesk may transfer data to potential buyers in connection to a merger & acquisition or any form of transfer or sale.
Talkdesk may disclose data to government entities where the disclosure of information is legally required under local laws or required to comply with legal requests.
Where is information stored?
Talkdesk HQ and main processing facilities are located in the US. However, Talkdesk has other processing facilities in other regions (such as Europe and Canada).
When a transfer of information from European Economic Area (EEA) and Switzerland to other countries happens, it’s made based on:
- Adequacy Decision: Countries designated by the European Commission as having an adequate level of protection for personal information.
- Standard Contractual Clauses: Talkdesk relies on the Commission’s model contracts for the transfer of personal information to third countries (i.e. the standard contractual clauses) pursuant to the Commission Implementing Decision (EU) 2021/914 of 4 June 2021.
Transfers between other jurisdictions may require specific and additional provisions that must be defined by the customer in conjunction with Talkdesk.
How is information protected?
Talkdesk adopts an Information Security and Privacy Information Management Systems (ISMS and PIMS) and BCMS (Business Continuity Management System) as a framework for continuous improvement of security, privacy, and business continuity. The ISMS, PIMS, and BCMS include Policies, Awareness on Security and Privacy, adequate processual and technical controls, audit logging, and third-party due diligence, among others.
Talkdesk performs regular due diligence on third parties for security and privacy compliance.
Personal Information from Children
Talkdesk never knowingly collects any personal information from children under the age of 13. If we obtain actual knowledge that we have collected personal information from a child under the age of 13, that information is immediately removed from any access. Because we do not collect such information, we have no such information to use or to disclose to third parties. This notice is given in compliance with the Children’s Online Privacy Protection Act (COPPA).
Download the Talkdesk Privacy Notice here.
Privacy Notice changes.
This notice may be updated from time to time to reflect changes in our practices, operational requirements and to be compliant with applicable privacy and data protections laws and regulations. Future changes made to this notice are published on our website. Any questions regarding this notice can be sent to [email protected].
How to Contact us.
For questions or complaints regarding this privacy notice and the privacy practices of Talkdesk, you may contact us at [email protected] or at our mailing address below:
For customer in non EEA region
Talkdesk Inc.
440 N Barranca Avenue #4375,
Covina, CA 91723 United States
For customer in EEA region
Talkdesk Inc. Portugal Unipessoal Lda,
Rua Pedro Nunes, Edifício IPN D, 1º Piso, módulo 1.12
Santo António dos Olivais, Coimbra
3030-199 Coimbra. Portugal