The policy references applicability to EU/EEA/UK users and the existence of GDPR data subject rights including access, rectification, erasure, restriction of processing, data portability, and the right to object. The specific legal bases for processing and the mechanisms for exercising these rights are disclosed in the full policy text, which was truncated in the provided document.
This analysis describes what Boston Dynamics's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision establishes that EU, EEA, and UK users have GDPR-derived rights over their personal data processed by Boston Dynamics, including through HubSpot and Google Tag Manager. The absence of explicit legal basis disclosures in the truncated document text may represent a gap relative to GDPR Article 13 requirements.
Interpretive note: The full GDPR disclosure text, including enumerated legal bases for processing and cross-border transfer mechanisms, was not available in the truncated document and cannot be assessed from the provided text.
Under these terms, EU/EEA/UK users may exercise rights including access, deletion, portability, and objection with respect to personal data processed by Boston Dynamics and its service providers. The agreement establishes that these rights are available to users in these jurisdictions.
Cross-platform context
See how other platforms handle EU/EEA/UK GDPR Data Subject Rights and similar clauses.
Compare across platforms →Monitoring
Boston Dynamics has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
1. REGULATORY LANDSCAPE: This provision engages GDPR Articles 13, 15-22 (transparency and data subject rights), Article 28 (processor requirements), and Article 46 (cross-border transfer mechanisms). The relevant enforcement authorities are EU/EEA national Data Protection Authorities and the UK ICO. The policy's use of US-based processors (HubSpot, Google) requires valid cross-border transfer mechanisms under GDPR Article 46, such as Standard Contractual Clauses or reliance on the EU-US Data Privacy Framework. 2. GOVERNANCE EXPOSURE: Medium. The truncated document does not explicitly enumerate the legal bases for processing personal data of EU/EEA/UK users, which would be required under GDPR Article 13. If the policy lacks this disclosure in the full text, this creates a compliance gap relative to GDPR transparency requirements. The right to object to processing based on legitimate interests (Article 21) and the right to withdraw consent are operationally significant given the cookie-based tracking architecture. 3. JURISDICTION FLAGS: This provision applies to EU/EEA and UK users. Organizations in the EU/EEA operating Boston Dynamics robots or engaging with the company's website should assess whether their employees' data is subject to GDPR obligations when interacting with Boston Dynamics' digital infrastructure. Post-Brexit UK GDPR obligations apply separately to UK users. 4. CONTRACT AND VENDOR IMPLICATIONS: Data processing agreements with HubSpot and Google must include GDPR Article 28-compliant terms, and cross-border transfer documentation must be maintained. If Boston Dynamics appoints a European Data Protection Representative (required for controllers not established in the EU that process EU personal data), this should be disclosed in the policy. 5. COMPLIANCE CONSIDERATIONS: Compliance teams should confirm that the full privacy policy includes explicit legal basis disclosures for each processing activity involving EU/EEA/UK personal data, that a data subject request workflow capable of responding within GDPR's 30-day timeline is in place, and that cross-border transfer mechanisms with HubSpot and Google are documented and current.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 3 platforms + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision establishes that EU, EEA, and UK users have GDPR-derived rights over their personal data processed by Boston Dynamics, including through HubSpot and Google Tag Manager. The absence of explicit legal basis disclosures in the truncated document text may represent a gap relative to GDPR Article 13 requirements.
Under these terms, EU/EEA/UK users may exercise rights including access, deletion, portability, and objection with respect to personal data processed by Boston Dynamics and its service providers. The agreement establishes that these rights are available to users in these jurisdictions.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Boston Dynamics.