Zendesk prioritizes data security and combines Enterprise-class security features with comprehensive audits of our applications, systems and networks to ensure that customer and business data is always protected. Brazil`s Basic Data Protection Act (LGPD) came into force on 16 August 2020. It is the main law in Brazil that deals with the protection of personal data. Zendesk customers who collect and store personal data in Zendesk services may be considered “companies” under the CCAC. Companies are primarily responsible for the compliance of their handling of personal data with applicable data protection legislation, including the CCAC. Zendesk acts as a “provider” because this term is defined in the current CCAC version of the processing of personal data for our services. As a result, Zendesk collects the personal data of our customers and end-users of our customers processed through the Services, only for the purpose of fulfilling our obligations under our existing contracts with our customers, on, managing, using, trading and transmitting; and, for no commercial purpose other than fulfilling such commitments and improving the services we offer. The U.S. Department of Commerce, together with the European Commission and the Swiss government, founded the EU-US, Switzerland and the United States. Privacy Shield Frameworks (Privacy Shield) to provide companies with a mechanism for transferring personal data from the European Union to the United States in a way that provides an adequate level of protection within the meaning of EU data protection legislation. A processing manager is exempt from these obligations if he cannot identify the personal data he holds relating to the person concerned (i.e.
when personal data is anonymized and cannot be re-identified). In some situations, we may be required to disclose personal data in response to legal requests from the authorities, including national security and enforcement requirements. We may disclose personal data to respond to subpoenas, court decisions or court proceedings, or to justify or exercise our legal rights or to defend ourselves against rights. We may also disclose such information to law enforcement or the relevant authorities if we believe it is necessary to investigate, prevent or take illegal activities, alleged fraud, situations that involve potential risks to a person`s physical safety, breaches of our master`s contract or other legal measures.