EU, UK, and Swiss users have the right to access, correct, delete, or move their personal data, to object to certain processing, and to complain to a data protection regulator.
This analysis describes what Lime's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
These GDPR-based rights give European users strong legal tools to control their data, including the ability to object to processing based on legitimate interest and to demand deletion of their information from Lime's systems.
If you are in the EU, UK, or Switzerland, you can request access to all data Lime holds about you, demand its deletion, or object to it being used for purposes like advertising, and you have the right to take complaints directly to a national data protection authority if Lime does not respond adequately.
How other platforms handle this
In addition to the above rights, your local laws (including those in the EU, UK, Japan, California, Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Virginia, or Utah) may afford you f...
If you are located in the European Economic Area or the United Kingdom, you have certain rights under applicable data protection laws, including the right to access, correct, or delete your personal data, the right to object to or restrict processing, and the right to data portability. You may also ...
If you are located in the EEA or UK, you may have the following rights under applicable data protection law: the right to access your personal data; the right to rectify inaccurate personal data; the right to erasure of your personal data; the right to restrict processing of your personal data; the ...
Monitoring
Lime has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have certain rights with respect to your personal information under applicable data protection law, including the right to access, rectify, or erase your personal information; the right to restrict or object to our processing of your personal information; and the right to data portability. You may also have the right to lodge a complaint with a data protection authority.— Excerpt from Lime's Lime Privacy Policy
REGULATORY LANDSCAPE: This provision engages GDPR Articles 15-22 (data subject rights), Article 77 (right to lodge a complaint with a supervisory authority), and equivalent UK GDPR and Swiss nFADP provisions. The relevant enforcement authorities are EU national DPAs under the one-stop-shop mechanism (Lime's lead supervisory authority depends on its EU establishment), the UK Information Commissioner's Office (ICO), and the Swiss Federal Data Protection and Information Commissioner (FDPIC). Cross-border data transfers from EU/EEA to Lime's US operations require adequate transfer mechanisms such as SCCs under GDPR Chapter V. GOVERNANCE EXPOSURE: High. The document does not specify which EU member state serves as Lime's lead supervisory authority, which is required for GDPR Article 56 one-stop-shop compliance. The omission of transfer mechanism details (SCCs, adequacy decisions) for EU-to-US data flows is a notable gap. The right to object to legitimate interest processing under Article 21 may significantly constrain Lime's ability to use geolocation and behavioral data for analytics and advertising in the EU. JURISDICTION FLAGS: EU/EEA, UK, Switzerland. Germany has particularly active DPA enforcement (multiple Landesbeauftragter). France (CNIL), Netherlands (AP), and Ireland (DPC) are active enforcement jurisdictions. The UK ICO operates independently post-Brexit. Lime's operations in EU cities may trigger additional national-level sector regulations. CONTRACT AND VENDOR IMPLICATIONS: All EU user data flows to US-based processors and advertising partners require documented SCCs or other transfer mechanisms. Joint controller arrangements with EU municipal partners may require Article 26 agreements. DPAs with EU advertising and analytics vendors must satisfy Article 28 requirements. COMPLIANCE CONSIDERATIONS: Confirm lead supervisory authority designation and registration, document transfer mechanisms for all EU-to-US data flows, ensure DPIA is completed for large-scale location processing, audit whether right-to-object mechanisms for legitimate interest processing are operational, and verify data subject request response procedures meet 30-day GDPR timelines.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
These GDPR-based rights give European users strong legal tools to control their data, including the ability to object to processing based on legitimate interest and to demand deletion of their information from Lime's systems.
If you are in the EU, UK, or Switzerland, you can request access to all data Lime holds about you, demand its deletion, or object to it being used for purposes like advertising, and you have the right to take complaints directly to a national data protection authority if Lime does not respond adequately.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Lime.