Depending on where you live, you may have legal rights to see, correct, delete, or port your personal data, and to opt out of how Databricks uses it for advertising or profiling purposes.
This analysis describes what Databricks's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
These rights are legally enforceable in jurisdictions like California, Colorado, and the EU, meaning Databricks is required to respond to valid requests within specific timeframes and cannot penalize you for exercising them.
If you live in California, the EU, or other covered jurisdictions, you have concrete legal rights to access, delete, or restrict how Databricks processes your personal data, and you can submit these requests through the OneTrust privacy portal linked in the notice.
How other platforms handle this
In addition to the above rights, your local laws (including those in the EU, UK, Japan, California, Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Virginia, or Utah) may afford you f...
California law gives residents the right to know what personal information we collect, use, share or sell; to delete personal information under certain circumstances; to opt-out of the sale or sharing of their personal information; to correct inaccurate personal information; to limit the use and dis...
If you would like to opt out of the disclosure of your personal information for purposes that could be considered "sales" for those third parties' own commercial purposes, or "sharing" or processing for purposes of targeted advertising, please visit the following link, which is also available in the...
Monitoring
Databricks has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Depending on where you live, you may have certain rights regarding your personal information. These may include the rights to: Know what personal information we have collected about you; Correct inaccurate personal information; Delete your personal information; Receive a portable copy of your personal information; Opt-out of the sale or sharing of your personal information; Opt-out of targeted advertising; Opt-out of automated decision-making or profiling; Not be discriminated against for exercising these rights.— Excerpt from Databricks's Databricks Privacy Notice
REGULATORY LANDSCAPE: The rights enumerated in this provision map to GDPR Articles 15 through 22, CPRA sections governing consumer rights, and analogous provisions under the Colorado Privacy Act, Connecticut Data Privacy Act, Texas Data Privacy and Security Act, Oregon Consumer Privacy Act, and Montana Consumer Data Privacy Act. Enforcement authorities include EU/EEA supervisory authorities, the UK ICO, the California Privacy Protection Agency, and state attorneys general in covered US states. GOVERNANCE EXPOSURE: Medium. The notice's rights disclosure is broadly stated and jurisdiction-dependent, which is appropriate. However, the operational implementation of these rights, including response timelines, identity verification procedures, and appeal mechanisms, determines actual compliance. The notice references a 45-day response window consistent with most US state laws, with a possible 45-day extension. JURISDICTION FLAGS: California residents have the broadest set of rights under CPRA including the right to know about inferences and the right to correct. EU/EEA residents have GDPR rights including the right to restriction of processing and the right to object to legitimate interests processing. Oregon, Texas, Colorado, Connecticut, and Montana residents have opt-out rights for targeted advertising and profiling in addition to access and deletion rights. CONTRACT AND VENDOR IMPLICATIONS: B2B organizations whose employee or customer data Databricks processes as a controller should ensure that their own privacy notices accurately reference Databricks' role and that they have mechanisms to pass through data subject requests received from their own users to Databricks where applicable. COMPLIANCE CONSIDERATIONS: Legal teams should verify that Databricks' identity verification process for rights requests does not impose unnecessary barriers, that appeal procedures are disclosed as required under Colorado, Connecticut, and Texas law, and that the OneTrust portal is tested to confirm it correctly routes and acknowledges requests.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
These rights are legally enforceable in jurisdictions like California, Colorado, and the EU, meaning Databricks is required to respond to valid requests within specific timeframes and cannot penalize you for exercising them.
If you live in California, the EU, or other covered jurisdictions, you have concrete legal rights to access, delete, or restrict how Databricks processes your personal data, and you can submit these requests through the OneTrust privacy portal linked in the notice.
ConductAtlas has identified this type of provision across 1 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Databricks.